2 matches found
CVE-2020-11010 SQL injection in Tortoise ORM
In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, startswith, or endswith filters and their case-insensitive...
CVE-2020-11010
CVE-2020-11010 affects Tortoise ORM prior to versions 0.15.23 and 0.16.6. The issue is a SQL injection vulnerability in filtering or mass-updating on char/text fields. MySQL is directly affected; SQLite and PostgreSQL are affected only when using contains, starts_with, or ends_with filters (and t...