12 matches found
EUVD-2023-0196
Malicious code in bioql PyPI...
EUVD-2023-0197
Malicious code in bioql PyPI...
CVE-2023-41885
Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of BaseUser.login leaks enough information to a malicious user such that they would be able to successfully generate a list of valid users on the platform. As Piccolo on its own does not...
CVE-2023-47128
Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a savepoints name...
CVE-2023-47128
Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a savepoints name...
PYSEC-2023-241
Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a savepoints name...
SQL injection
Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a savepoints name...
CVE-2023-47128
| creationtimestamp | type | source |
|---|---|---|
| 2023-11-10 17:36:32+00:00 | published-proof-of-concept | https://github.com/piccolo-orm/piccolo/security/advisories/GHSA-xq59-7jf3-rjc6... |
CVE-2023-41885
Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of BaseUser.login leaks enough information to a malicious user such that they would be able to successfully generate a list of valid users on the platform. As Piccolo on its own does not...
Code injection
Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of BaseUser.login leaks enough information to a malicious user such that they would be able to successfully generate a list of valid users on the platform. As Piccolo on its own does not...
CVE-2023-41885 Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration
Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of BaseUser.login leaks enough information to a malicious user such that they would be able to successfully generate a list of valid users on the platform. As Piccolo on its own does not...
Piccolo Security Breach
Piccolo is a fast, user-friendly ORM and query builder from Piccolo Open Source. A security vulnerability exists in Piccolo 0.120.0 and earlier versions, which stems from the presence of an information leak that can be exploited by an attacker to successfully generate a list of valid users on the...