Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1
CVE-2023-47128
- EPSS 0.23%
- Veröffentlicht 10.11.2023 18:15:09
- Zuletzt bearbeitet 21.11.2024 08:29:50
Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction `savepoints` in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihoo...
5.3
CVE-2023-41885
- EPSS 0.35%
- Veröffentlicht 12.09.2023 21:15:08
- Zuletzt bearbeitet 21.11.2024 08:21:51
Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of `BaseUser.login` leaks enough information to a malicious user such that they would be able to successfully generate a list of valid users...
1