CVE-2020-11010

In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, starts_with, or ends_with filters (and their case-insensitive counterparts).
Configurations

Configuration 1

cpe:2.3:a:tortoise_orm_project:tortoise_orm:*:*:*:*:*:*:*:*
cpe:2.3:a:tortoise_orm_project:tortoise_orm:*:*:*:*:*:*:*:*

Information

Published : 2020-04-20 10:15

Updated : 2020-04-28 05:16


NVD link : CVE-2020-11010

Mitre link : CVE-2020-11010

Products Affected
No products.
CWE