{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-03-31T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-17T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "sqlalchemy-select-sql-injection(73756)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73756"}, {"name": "MDVSA-2012:059", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:059"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.launchpad.net/keystone/+bug/918608"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.sqlalchemy.org/trac/changeset/852b6a1a87e7/"}, {"name": "DSA-2449", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2012/dsa-2449"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.sqlalchemy.org/changelog/CHANGES_0_7_0"}, {"name": "48771", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48771"}, {"name": "48328", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48328"}, {"name": "48327", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48327"}, {"name": "RHSA-2012:0369", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0369.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:38:14.544Z"}, "title": "CVE Program Container", "references": [{"name": "sqlalchemy-select-sql-injection(73756)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73756"}, {"name": "MDVSA-2012:059", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:059"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.launchpad.net/keystone/+bug/918608"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.sqlalchemy.org/trac/changeset/852b6a1a87e7/"}, {"name": "DSA-2449", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2012/dsa-2449"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.sqlalchemy.org/changelog/CHANGES_0_7_0"}, {"name": "48771", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48771"}, {"name": "48328", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48328"}, {"name": "48327", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48327"}, {"name": "RHSA-2012:0369", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0369.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-0805", "datePublished": "2012-06-05T22:00:00", "dateReserved": "2012-01-19T00:00:00", "dateUpdated": "2024-08-06T18:38:14.544Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:*:b3:*:*:*:*:*:*", "matchCriteriaId": "4B32A5D4-162C-4654-B6E7-E8D271E88671", "versionEndIncluding": "0.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "94518B16-2C66-4780-AB6A-5820E5B42541", "vulnerable": true}, {"criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "EAFCDB6C-3EFA-48F1-97EF-556164009DAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "17B3E248-DC0A-4D88-A10D-68536680BDCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "B19B128B-2964-4D95-BC12-CEB58798B197", "vulnerable": true}, {"criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "0AB122B6-95A7-46EB-82B7-7E15A609912B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "D56A8DE1-2D45-42A7-9A20-1B439AD2C4F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "9F19F24F-382E-46D5-B480-BB8B9A1AC478", "vulnerable": true}, {"criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "FD66FBB8-8F2C-4CE8-9037-4957012E6130", "vulnerable": true}, {"criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "207C9A7C-2F48-477C-ABAE-C8B16163F1F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "7A2B6833-08D0-4BA6-BF53-667761708781", "vulnerable": true}, {"criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "9ECF613D-1500-4675-A696-D5E97E39D490", "vulnerable": true}, {"criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.7.0:b1:*:*:*:*:*:*", "matchCriteriaId": "A77D2681-00DE-49A1-AEF9-D0B824C5E554", "vulnerable": true}, {"criteria": "cpe:2.3:a:sqlalchemy:sqlalchemy:0.7.0:b2:*:*:*:*:*:*", "matchCriteriaId": "DEB7B147-FD30-45C2-8C85-AD3E59305B2B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en SQLAlchemy antes v0.7.0b4, tal y como se usa en Keystone, permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de las palabras clave (1) limit (l\u00edmite) o (2) offset (desplazamiento) a la funci\u00f3n de select (selecci\u00f3n), o de vectores no especificados a las funciones (3) select.limit o (4) select.offset."}], "id": "CVE-2012-0805", "lastModified": "2018-01-18T02:29:07.507", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-06-05T22:55:08.077", "references": [{"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0369.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/48327"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/48328"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/48771"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2449"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:059"}, {"source": "secalert@redhat.com", "url": "http://www.sqlalchemy.org/changelog/CHANGES_0_7_0"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://www.sqlalchemy.org/trac/changeset/852b6a1a87e7/"}, {"source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/keystone/+bug/918608"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73756"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2012:0369", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "python-sqlalchemy-0:0.5.5-3.el6_2", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2012-03-07T00:00:00Z"}], "bugzilla": {"description": "python-sqlalchemy: SQL injection flaw due to not checking LIMIT input for correct type", "id": "783305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=783305"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "verified"}, "details": ["Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function."], "name": "CVE-2012-0805", "public_date": "2012-03-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-0805\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-0805"], "threat_severity": "Moderate"}