Security Release for issue #92

Ashish Kunwar has found that python-sql accepts any string in the offset or limit parameters when python is ran with -O which makes any system exposing those vulnerable to an SQL injection attack.

Impact

CVSS v3.0 Base Score: 9.1

• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: Low
• User Interaction: None
• Scope: Changed
• Confidentiality: High
• Integrity: Low
• Availability: Low

Workaround

Do not use the -O switch or PYTHONOPTIMIZE environment variable when executing python.

Resolution

All affected users should upgrade python-sql to the latest version.

Affected versions: <= 1.5.0
Non affected versions: >= 1.5.1

Reference

• SQL Injection vulnerability via offset parameter (#92) · Issues · Tryton / python-sql · GitLab

Concerns?

Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/python-sql with the confidential checkbox checked.

This topic was automatically closed after 30 days. New replies are no longer allowed.