Cédric Krier has identified that python-sql does not properly escape non-Expression operands of unary operators, exposing systems that use it to SQL injection.
The vulnerability has a CVSS v3.0 base score of 9.1 and poses a significant risk, particularly because of its low attack complexity and requirements.
Affected users of python-sql are strongly advised to upgrade to version 1.5.2 or later to mitigate the security risk of this vulnerability.
Due to the nature of the vulnerability, there is currently no known workaround other than upgrading python-sql from an affected version.
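A small audit for the upgrade advice above, as an added example that is not part of the advisory or of python-sql itself: it flags `python-sql` pins below 1.5.2 in a list of requirement lines and reports the version installed in the current environment. The requirement lines are constructed samples, and the function names are hypothetical.

```python
import re
from importlib import metadata

PKG = "python-sql"
FIXED = (1, 5, 2)  # first fixed release named in the advisory
REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")

def normalize(name):
    """PEP 503 normalization, so python_sql and Python.SQL match python-sql."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_version(text):
    """Numeric release segment as a tuple; pre-release suffixes are ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in m.group().split("."))
    return parts + (0,) * (3 - len(parts))

def is_affected(version):
    return parse_version(version) < FIXED

def audit_requirements(lines):
    """Yield (line_no, requirement, verdict) for every python-sql entry."""
    for no, raw in enumerate(lines, 1):
        m = REQ.match(raw.strip())  # name, optional [extras], specifier
        if not m or normalize(m.group(1)) != PKG:
            continue
        pin = re.fullmatch(r"===?\s*([^\s,*]+)", m.group(2).strip())
        verdict = "review"  # unpinned, ranged or wildcard: resolver decides
        if pin:
            verdict = "affected" if is_affected(pin.group(1)) else "fixed"
        yield no, raw.strip(), verdict

def installed_status():
    """(version, affected) for the running environment, or None if absent."""
    try:
        version = metadata.version(PKG)
    except metadata.PackageNotFoundError:
        return None
    return version, is_affected(version)

SAMPLE = ["psycopg2==2.9.9", "python-sql==1.5.1", "Python_SQL>=1.4",  # constructed
          "python-sql == 1.5.2  # patched", "python-sql==1.5.*"]

if __name__ == "__main__":
    for no, req, verdict in audit_requirements(SAMPLE):
        print(f"line {no}: {verdict:8} {req}")
    print("installed:", installed_status())
```

Entries marked `review` are not exact pins, so the version actually resolved has to be confirmed from the lock file or the installed environment.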