An input sanitation flaw in SQLAlchemy allows remote attacker to conduct SQL injection.
Package | dev-python/sqlalchemy on all architectures |
---|---|
Affected versions | < 0.7.4 |
Unaffected versions | >= 0.7.4 |
SQLAlchemy is a Python SQL toolkit and Object Relational Mapper.
SQLAlchemy does not properly sanitize input passed from the “limit” and “offset” keywords to the select() function before using it in an SQL query.
A remote attacker could exploit this vulnerability to execute arbitrary SQL statements.
There is no known workaround at this time.
All SQLAlchemy users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-python/sqlalchemy-0.7.4"
Release date
September 26, 2012
Latest revision
September 26, 2012: 1
Severity
normal
Exploitable
remote
Bugzilla entries