Lucene search

Veracode Vulnerability DatabaseVERACODE:45407

HistoryFeb 08, 2024 - 7:14 a.m.

SQL Injection

2024-02-0807:14:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

sqlalchemyda

vulnerability

sql injection

improper validation

attacker

arbitrary

database

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

EPSS

0.001

Percentile

48.9%

JSON

SQLAlchemyDA is vulnerable to SQL Injection. The vulnerability is due to improper validation of SQL statements within the SQLAlchemyDA instance. This issue can be exploited by an attacker to execute arbitrary SQL statements in the database.

References

github.com/advisories/GHSA-r3jc-3qmm-w3pw

github.com/zopefoundation/Products.SQLAlchemyDA/commit/e682b99f8406f20bc3f0f2c77153ed7345fd215a

github.com/zopefoundation/Products.SQLAlchemyDA/security/advisories/GHSA-r3jc-3qmm-w3pw

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

EPSS

0.001

Percentile

48.9%

JSON

Related for VERACODE:45407