Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-0805

Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function.

Related bugs and status

CVE-2012-0805 (Candidate) is related to these bugs:

Bug #918608: SQL injection through limit parameter

Summary				In	Importance	Status
	918608	SQL injection through limit parameter		OpenStack Identity (keystone)	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.launchpad...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://www.debian.org/...
MISC: http://www.mandriva.co...
MISC: http://rhn.redhat.com/...
MISC: http://www.sqlalchemy....
MISC: http://www.sqlalchemy....
MISC: https://exchange.xforc...