Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1yM2pjLTNxbW0tdzNwd84AA5JJ

SQLAlchemyDA unauthenticated arbitrary SQL query execution

Impact

The vulnerability allows unauthenticated execution of arbitrary SQL statements on the database the SQLAlchemyDA instance is connected to. All users are affected.

Patches

The problem has been patched in version 2.2.

Workarounds

There is no workaround. All users are urged to upgrade to version 2.2

Permalink: https://github.com/advisories/GHSA-r3jc-3qmm-w3pw
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yM2pjLTNxbW0tdzNwd84AA5JJ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: 23 days ago
Updated: 16 days ago


CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-r3jc-3qmm-w3pw, CVE-2024-24811
References:

Affected Packages

pypi:Products.SQLAlchemyDA
Versions: < 2.2
Fixed in: 2.2