4 matches found
CVE-2026-27953
ormar is an async mini ORM for Python. Versions 0.23.0 and below are vulnerable to a Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview: ormar is an async ORM with FastAPI in mind and Pydantic validation. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the model constructor when injecting the pkonly or excluded parameters when used...
CVE-2026-27953
Summary: CVE-2026-27953 affects ormar (Python)
PT-2026-26342
Name of the Vulnerable Software and Affected Versions: ormar versions 0.23.0 and below. Description: ormar, an async mini ORM for Python, has a Pydantic validation bypass issue in its model constructor. This allows unauthenticated users to skip all field validation by injecting "pkonly": true int...