{"schema_version":"1.7.2","id":"OESA-2021-1071","modified":"2021-03-05T11:02:40Z","published":"2021-03-05T11:02:40Z","upstream":["CVE-2019-7164"],"summary":"python-sqlalchemy security update","details":"SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible, high-level interface to SQL databases. It contains a powerful mapping layer that can work as automatically or as manually as the user chooses, determining relationships based on foreign keys or bridging the gap between database and domain by letting you define the join conditions explicitly.\n\r\nSecurity Fix(es):\n\r\nSQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. (CVE-2019-7164)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"python-sqlalchemy","purl":"pkg:rpm/openEuler/python-sqlalchemy\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.19-3.oe1"}]}],"ecosystem_specific":{"aarch64":["python3-sqlalchemy-1.2.19-3.oe1.aarch64.rpm","python-sqlalchemy-debugsource-1.2.19-3.oe1.aarch64.rpm","python-sqlalchemy-debuginfo-1.2.19-3.oe1.aarch64.rpm","python2-sqlalchemy-1.2.19-3.oe1.aarch64.rpm"],"noarch":["python-sqlalchemy-help-1.2.19-3.oe1.noarch.rpm"],"src":["python-sqlalchemy-1.2.19-3.oe1.src.rpm"],"x86_64":["python3-sqlalchemy-1.2.19-3.oe1.x86_64.rpm","python-sqlalchemy-debuginfo-1.2.19-3.oe1.x86_64.rpm","python2-sqlalchemy-1.2.19-3.oe1.x86_64.rpm","python-sqlalchemy-debugsource-1.2.19-3.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1071"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7164"}],"database_specific":{"severity":"Critical"}}