
Piccolo Security Vulnerabilities

CVE-2023-41885

Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of BaseUser.login leaks enough information to a malicious user such that they would be able to successfully generate a list of valid users on the platform. As Piccolo on its own does not al...

CVSS 5.3 | AI Score 5.2 | EPSS 0.0005

2023-09-12 09:15 PM

CVE-2023-47128

Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a savepoints name pa...

CVSS 9.1 | AI Score 9.5 | EPSS 0.001

2023-11-10 06:15 PM

CVE-2024-30248

Piccolo Admin is an admin interface/content management system for Python, built on top of Piccolo. Piccolo's admin panel allows media files to be uploaded. By default, SVG is an allowed file type for upload. An attacker can upload an SVG which when loaded can allow arbitrary access to the admin p...

CVSS 7.7 | AI Score 7.5 | EPSS 0.0004

2024-04-02 03:15 PM