An update for python-sqlalchemy is now available for openEuler-20.03-LTS-SP1
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2021-1274
Final
1.0
1.0
2021-07-24
Initial
2021-07-24
2021-07-24
openEuler SA Tool V1.0
2021-07-24
python-sqlalchemy security update
An update for python-sqlalchemy is now available for openEuler-20.03-LTS-SP1.
SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible, high-level interface to SQL databases. It contains a powerful mapping layer that users can configure to work as automatically or as manually as they choose, determining relationships based on foreign keys or bridging the gap between database and domain by letting you define the join conditions explicitly.
Security Fix(es):
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. (CVE-2019-7548)
An update for python-sqlalchemy is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2.
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High
python-sqlalchemy
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1274
https://openeuler.org/en/security/cve/detail.html?id=CVE-2019-7548
https://nvd.nist.gov/vuln/detail/CVE-2019-7548
openEuler-20.03-LTS-SP1
python-sqlalchemy-debuginfo-1.2.19-3.oe1.aarch64.rpm
python-sqlalchemy-debugsource-1.2.19-3.oe1.aarch64.rpm
python2-sqlalchemy-1.2.19-3.oe1.aarch64.rpm
python3-sqlalchemy-1.2.19-3.oe1.aarch64.rpm
python-sqlalchemy-help-1.2.19-3.oe1.noarch.rpm
python-sqlalchemy-1.2.19-3.oe1.src.rpm
python-sqlalchemy-debugsource-1.2.19-3.oe1.x86_64.rpm
python-sqlalchemy-debuginfo-1.2.19-3.oe1.x86_64.rpm
python2-sqlalchemy-1.2.19-3.oe1.x86_64.rpm
python3-sqlalchemy-1.2.19-3.oe1.x86_64.rpm
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
2021-07-24
CVE-2019-7548
openEuler-20.03-LTS-SP1
Medium
7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
python-sqlalchemy security update
2021-07-24
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1274