CVE-2020-11010

Опубликовано: 20 апр. 2020

Источник: nvd

CVSS3: 6.3

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, starts_with, or ends_with filters (and their case-insensitive counterparts).

Ссылки

https://github.com/tortoise/tortoise-orm/commit/91c364053e0ddf77edc5442914c6f049512678b3
Patch
Third Party Advisory
https://github.com/tortoise/tortoise-orm/security/advisories/GHSA-9j2c-x8qm-qmjq
Third Party Advisory
https://github.com/tortoise/tortoise-orm/commit/91c364053e0ddf77edc5442914c6f049512678b3
Patch
Third Party Advisory
https://github.com/tortoise/tortoise-orm/security/advisories/GHSA-9j2c-x8qm-qmjq
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tortoise_orm_project:tortoise_orm:*:*:*:*:*:*:*:*

Версия до 0.15.23 (исключая)

cpe:2.3:a:tortoise_orm_project:tortoise_orm:*:*:*:*:*:*:*:*

Версия от 0.16.0 (включая) до 0.16.6 (исключая)

EPSS

Процентиль: 47%

0.00245

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-9j2c-x8qm-qmjq

CVSS3: 6.3

github

почти 6 лет назад

SQL injection in Tortoise ORM

EPSS

Процентиль: 47%

0.00245

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89