SQL Injection The advisory has been revoked - it doesn't affect any version of package python-SQLAlchemy-doc Open this link in a new tab
Threat Intelligence
EPSS
1.35% (86th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-SLES150-PYTHONSQLALCHEMYDOC-2737994
- published 14 Apr 2022
- disclosed 23 Aug 2019
Introduced: 23 Aug 2019
CVE-2019-7164 Open this link in a new tabAmendment
The SLES
security team deemed this advisory irrelevant for SLES:15.0
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream python-SQLAlchemy-doc
package and not the python-SQLAlchemy-doc
package as distributed by SLES
.
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.