17 matches found
EUVD-2020-0223
Malware in sbrugna...
CVE-2020-11010
In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, startswith, or endswith filters and their case-insensitive...
SQL Injection
Tortoise ORM is vulnerable to SQL injection. An attacker is able to inject and execute arbitrary SQL statements via the contains, startswith or endswith filters...
Tortoise ORM SQL Injection Vulnerability
Tortoise ORM is an open source object-relational mapper. A SQL injection vulnerability exists in MySQL in Tortoise ORM versions prior to 0.15.23 and prior to 0.16.6. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker...
CVE-2020-11010
In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, startswith, or endswith filters and their case-insensitive...
CVE-2020-11010
In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, startswith, or endswith filters and their case-insensitive...
PYSEC-2020-144
In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, startswith, or endswith filters and their case-insensitive...
PYSEC-2020-144
In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, startswith, or endswith filters and their case-insensitive...
aerich (>=0.5.0 <=0.5.1), aiowebthing (>=0.1.16 <=0.1.25) +5 more potentially affected by CVE-2020-11010 via tortoise-orm (>=0.16.13 <=0.16.21)
tortoise-orm PYPI version =0.16.13, =0.5.0, =0.1.16, =0.0.1, =0.1.0, =0.1.2 Source cves: CVE-2020-11010 Source advisory: OSV:PYSEC-2020-144...
SQL injection
In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, startswith, or endswith filters and their case-insensitive...
digicubes-server (>=0.0.1 <=0.0.5) potentially affected by CVE-2020-11010 via tortoise-orm (=0.13.9)
tortoise-orm PYPI version =0.13.9 is affected by a known vulnerability. The following packages have a transitive dependency on tortoise-orm and may be impacted: - digicubes-server =0.0.1, =0.0.5 Source cves: CVE-2020-11010 Source advisory: OSV:PYSEC-2020-144...
CVE-2020-11010
CVE-2020-11010 affects Tortoise ORM prior to versions 0.15.23 and 0.16.6. The issue is a SQL injection vulnerability in filtering or mass-updating on char/text fields. MySQL is directly affected; SQLite and PostgreSQL are affected only when using contains, starts_with, or ends_with filters (and t...
CVE-2020-11010 SQL injection in Tortoise ORM
In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, startswith, or endswith filters and their case-insensitive...
aerich (>=0.5.0 <=0.5.1), aiowebthing (>=0.1.16 <=0.1.25) +5 more potentially affected by CVE-2020-11010 via tortoise-orm (>=0.16.13 <=0.16.21)
tortoise-orm PYPI version =0.16.13, =0.5.0, =0.1.16, =0.0.1, =0.1.0, =0.1.2 Source cves: CVE-2020-11010 Source advisory: OSV:GHSA-9J2C-X8QM-QMJQ...
digicubes-server (>=0.0.1 <=0.0.5) potentially affected by CVE-2020-11010 via tortoise-orm (=0.13.9)
tortoise-orm PYPI version =0.13.9 is affected by a known vulnerability. The following packages have a transitive dependency on tortoise-orm and may be impacted: - digicubes-server =0.0.1, =0.0.5 Source cves: CVE-2020-11010 Source advisory: OSV:GHSA-9J2C-X8QM-QMJQ...
SQL injection in Tortoise ORM
Impact: Various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL were only affected when filtering with contains, startswith or endswith filters and their case-insensitive counterparts. Patches: Please upgrade to 0.15.2...
GHSA-9J2C-X8QM-QMJQ SQL injection in Tortoise ORM
Impact: Various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL were only affected when filtering with contains, startswith or endswith filters and their case-insensitive counterparts. Patches: Please upgrade to 0.15.2...