SQL Injection Affecting pyorient package, versions [,1.4.7)

Snyk CVSS

Attack Complexity Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PYTHON-PYORIENT-40629
published 15 Oct 2017
disclosed 6 Feb 2016
credit Predrag Gruevski

Report a new vulnerability Found a mistake?

Introduced: 6 Feb 2016

CWE-89 Open this link in a new tab

Overview

pyorient is a Orientdb driver for python that uses the binary protocol.

Affected versions of this package vulnerable to SQL Injection. An attacker could change the WHERE clause in a query and cause it to return unexpected results.

References

Github Issue
Github PR
Github Commit #1
Github Commit #2