sqlalchemy@0.6.2 vulnerabilities

Database Abstraction Library

Known vulnerabilities in the sqlalchemy package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
H SQL Injection SQLAlchemy is a python SQL Toolkit and Object Relational Mapper. Affected versions of this package are vulnerable to SQL Injection. Allows remote attackers to execute arbitrary SQL commands via the (1) limit, or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function. How to fix SQL Injection? Upgrade `SQLAlchemy` to version 0.6.7 or higher.	[,0.6.7)
H SQL Injection SQLAlchemy is a python SQL Toolkit and Object Relational Mapper. Affected versions of this package are vulnerable to SQL Injection when the `group_by` and `order_by` parameter can be controlled. NOTE: This vulnerability has also been identified as: CVE-2019-7164 How to fix SQL Injection? Upgrade `SQLAlchemy` to version 1.2.18 or higher.	[,1.2.18)
H SQL Injection SQLAlchemy is a python SQL Toolkit and Object Relational Mapper. Affected versions of this package are vulnerable to SQL Injection when the `group_by` and `order_by` parameter can be controlled. NOTE: This vulnerability has also been identified as: CVE-2019-7548 How to fix SQL Injection? Upgrade `SQLAlchemy` to version 1.2.18 or higher.	[,1.2.18)