Brian, thanks for sharing the information.

Best Regards,
Anand

On Friday, September 13, 2019 at 8:01:22 PM UTC+5:30, Mike Bayer wrote:
>
> yes. per the headline linked in that article: "SQLAlchemy through 1.2.17
> and 1.3.x **through 1.3.0b2** allows SQL Injection via the order_by
> parameter." Version 1.3.8 is much newer than version 1.3.0b2. The
> changelog for the issue is noted in 1.3.0b3 at
> https://docs.sqlalchemy.org/en/13/changelog/changelog_13.html#change-096e1e64a6a2c7ad62313c83506341a3
>
> On Fri, Sep 13, 2019, at 5:07 AM, 'ANAND NARAYAN' via sqlalchemy wrote:
>
> Hi,
> Is the security vulnerability listed in National Vulnerability Database (
> https://nvd.nist.gov/vuln/detail/CVE-2019-7164)
> fixed in latest version v1.3.8?
>
> Thanks
>
> Regards
> Anand
>
> --
> SQLAlchemy -
> The Python SQL Toolkit and Object Relational Mapper
>
> http://www.sqlalchemy.org/
>
> To post example code, please provide an MCVE: Minimal, Complete, and
> Verifiable Example. See http://stackoverflow.com/help/mcve for a full
> description.
> ---
> You received this message because you are subscribed to the Google Groups
> "sqlalchemy" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to sqlal...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/sqlalchemy/bd155880-23fe-4c1c-8568-3c07d40341fa%40googlegroups.com
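
Added example, not part of the original thread and not SQLAlchemy project code: a check that places a version string relative to the affected ranges quoted above ("through 1.2.17 and 1.3.x through 1.3.0b2"), including the pre-release ordering that puts 1.3.0b2 before 1.3.0b3 and 1.3.8. The function names and the simplified version grammar (N.N[.N] with an optional a/b/rc tag) are assumptions of this example.

```python
import re

# Affected ranges as quoted in the thread for CVE-2019-7164:
# "through 1.2.17 and 1.3.x through 1.3.0b2".
LAST_AFFECTED_12 = "1.2.17"
LAST_AFFECTED_13 = "1.3.0b2"

# Assumed grammar: N.N[.N] with an optional a/b/rc pre-release tag.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:(a|b|rc)(\d+))?$")
# Pre-releases sort before the final release with the same number.
_STAGE_RANK = {"a": 0, "b": 1, "rc": 2, None: 3}


def version_key(version):
    """Turn a string such as '1.3.0b2' into a tuple that sorts in release order."""
    match = _VERSION_RE.match(version.strip())
    if match is None:
        raise ValueError(f"unrecognized version string: {version!r}")
    major, minor, patch, stage, stage_num = match.groups()
    return (int(major), int(minor), int(patch or 0),
            _STAGE_RANK[stage], int(stage_num or 0))


def is_affected(version):
    """True if the version falls inside the ranges the quoted advisory text names."""
    key = version_key(version)
    if key[:2] == (1, 3):
        return key <= version_key(LAST_AFFECTED_13)
    return key <= version_key(LAST_AFFECTED_12)


def installed_sqlalchemy_status():
    """Return (version, affected) for the local SQLAlchemy, or None if absent."""
    try:
        import sqlalchemy
    except ImportError:
        return None
    version = sqlalchemy.__version__
    try:
        return version, is_affected(version)
    except ValueError:
        return version, None  # format outside the assumed grammar


if __name__ == "__main__":
    for sample in ("1.2.17", "1.2.18", "1.3.0b2", "1.3.0b3", "1.3.8"):
        print(sample, "affected" if is_affected(sample) else "outside stated range")
    print("installed:", installed_sqlalchemy_status())
```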