Yes. Per the headline linked in that article: "SQLAlchemy through 1.2.17 and 
1.3.x **through 1.3.0b2** allows SQL Injection via the order_by parameter." 
Version 1.3.8 is much newer than version 1.3.0b2. The changelog for the issue 
is noted in 1.3.0b3 at 
https://docs.sqlalchemy.org/en/13/changelog/changelog_13.html#change-096e1e64a6a2c7ad62313c83506341a3



On Fri, Sep 13, 2019, at 5:07 AM, 'ANAND NARAYAN' via sqlalchemy wrote:
> Hi,
> Is the security vulnerability listed in the National Vulnerability Database 
> (https://nvd.nist.gov/vuln/detail/CVE-2019-7164) 
> fixed in the latest version, v1.3.8?
> 
> Thanks
> 
> Regards
> Anand
> 
> 

> --
>  SQLAlchemy - 
>  The Python SQL Toolkit and Object Relational Mapper
> 
> http://www.sqlalchemy.org/
> 
>  To post example code, please provide an MCVE: Minimal, Complete, and 
> Verifiable Example. See http://stackoverflow.com/help/mcve for a full 
> description.
>  --- 
>  You received this message because you are subscribed to the Google Groups 
> "sqlalchemy" group.
>  To unsubscribe from this group and stop receiving emails from it, send an 
> email to sqlalchemy+unsubscr...@googlegroups.com.
>  To view this discussion on the web visit 
> https://groups.google.com/d/msgid/sqlalchemy/bd155880-23fe-4c1c-8568-3c07d40341fa%40googlegroups.com
>  
> <https://groups.google.com/d/msgid/sqlalchemy/bd155880-23fe-4c1c-8568-3c07d40341fa%40googlegroups.com?utm_medium=email&utm_source=footer>.


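A version check against the affected ranges quoted in the reply above, as an added example that is not part of the original thread or SQLAlchemy's own code. The function names, the requirements-file scan and the sample pins are assumptions made for illustration.

```python
import re

# Affected ranges exactly as quoted in the thread for CVE-2019-7164:
# "through 1.2.17 and 1.3.x through 1.3.0b2". Nothing else is encoded here.
LAST_AFFECTED_12 = "1.2.17"
LAST_AFFECTED_13 = "1.3.0b2"

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:(a|b|rc)(\d+))?$")
# Pre-release tags sort before the final release with the same number.
_STAGE = {"a": 0, "b": 1, "rc": 2, None: 3}
# Hypothetical helper pattern: exact pins only ("sqlalchemy==X").
_PIN_RE = re.compile(r"^\s*sqlalchemy\s*==\s*([^\s;#]+)", re.IGNORECASE)


def version_key(version):
    """Turn '1.3.0b2' into a tuple that sorts in release order."""
    m = _VERSION_RE.match(version.strip())
    if m is None:
        raise ValueError("unrecognised version string: %r" % version)
    major, minor, patch, stage, stage_num = m.groups()
    return (int(major), int(minor), int(patch or 0),
            _STAGE[stage], int(stage_num or 0))


def is_affected(version):
    """True if `version` falls inside the ranges quoted from the advisory."""
    key = version_key(version)
    if key[:2] == (1, 3):
        return key <= version_key(LAST_AFFECTED_13)
    return key <= version_key(LAST_AFFECTED_12)


def affected_pins(requirements_text):
    """Return the exactly-pinned SQLAlchemy versions that are affected."""
    hits = []
    for line in requirements_text.splitlines():
        m = _PIN_RE.match(line)
        if m and is_affected(m.group(1)):
            hits.append(m.group(1))
    return hits


# Constructed sample pins, not taken from any real project.
SAMPLE = "flask==1.1.1\nSQLAlchemy==1.2.15  # old pin\nsqlalchemy==1.3.8\n"

if __name__ == "__main__":
    for v in ("1.2.17", "1.3.0b2", "1.3.0b3", "1.3.8"):
        print(v, "affected" if is_affected(v) else "not in quoted range")
    print("affected pins:", affected_pins(SAMPLE))
```

The pre-release ordering is the part a plain string or numeric comparison gets wrong: 1.3.0b2 sorts before 1.3.0b3, which sorts before 1.3.0 and 1.3.8.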