{"id":"PYSEC-2020-144","details":"In Tortoise ORM before 0.15.23, and in 0.16.x before 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite and PostgreSQL are only affected when filtering with the contains, starts_with, or ends_with filters (and their case-insensitive counterparts).","aliases":["CVE-2020-11010","GHSA-9j2c-x8qm-qmjq"],"modified":"2023-11-08T04:02:03.112341Z","published":"2020-04-20T22:15:00Z","references":[{"type":"ADVISORY","url":"https://github.com/tortoise/tortoise-orm/security/advisories/GHSA-9j2c-x8qm-qmjq"},{"type":"FIX","url":"https://github.com/tortoise/tortoise-orm/commit/91c364053e0ddf77edc5442914c6f049512678b3"}],"affected":[{"package":{"name":"tortoise-orm","ecosystem":"PyPI","purl":"pkg:pypi/tortoise-orm"},"ranges":[{"type":"GIT","repo":"https://github.com/tortoise/tortoise-orm","events":[{"introduced":"0"},{"fixed":"91c364053e0ddf77edc5442914c6f049512678b3"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.15.23"},{"introduced":"0.16.0"},{"fixed":"0.16.6"}]}],"versions":["0.1.0","0.1.1","0.1.2","0.1.3","0.2.0","0.3.0","0.3.1","0.3.2","0.3.3","0.4.0","0.5.0","0.5.1","0.5.2","0.5.3","0.5.4","0.5.5","0.6.0","0.6.1","0.6.2","0.7.0","0.7.1","0.7.2","0.7.3","0.7.4","0.7.5","0.7.6","0.7.7","0.7.8","0.7.9","0.7.10","0.8.0","0.8.1","0.8.2","0.9.0","0.9.1","0.9.2","0.9.4","0.10.0","0.10.1","0.10.2","0.10.3","0.10.4","0.10.5","0.10.6","0.10.7","0.10.8","0.10.9","0.10.10","0.10.11","0.11.0","0.11.1","0.11.2","0.11.3","0.11.4","0.11.5","0.11.6","0.11.7","0.11.8","0.11.9","0.11.10","0.11.11","0.11.12","0.11.13","0.12.0","0.12.1","0.12.2","0.12.3","0.12.4","0.12.5","0.12.6","0.12.7","0.12.8","0.13.0","0.13.1","0.13.2","0.13.3","0.13.4","0.13.5","0.13.6","0.13.7","0.13.8","0.13.9","0.13.10","0.13.11","0.13.12","0.14.0","0.14.1","0.14.2","0.15.0","0.15.1","0.15.2","0.15.3","0.15.4","0.15.5","0.15.6","0.15.7","0.15.8","0.15.9","0.15.10","0.15.11","0.15.12","0.15.13","0.15.14"
,"0.15.15","0.15.16","0.15.17","0.15.18","0.15.19","0.15.20","0.15.21","0.15.22","0.16.0","0.16.1","0.16.2","0.16.3","0.16.4","0.16.5"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/tortoise-orm/PYSEC-2020-144.yaml"}}],"schema_version":"1.7.3"}