Home > Vulnerability Database > CVE-2024-24811

Mend.io Vulnerability Database

CVE-2024-24811

Good to know:

Date: February 7, 2024

SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version 2.2. There is no workaround for the problem.

Language: Python

Severity Score

9.8

Related Resources (5)

Url: https://github.com/zopefoundation/Products.SQLAlchemyDA/commit/e682b99f8406f20bc3f0f2c77153ed7345fd215a

Url: https://github.com/zopefoundation/Products.SQLAlchemyDA/security/advisories/GHSA-r3jc-3qmm-w3pw

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-24811

Url: https://github.com/zopefoundation/Products.SQLAlchemyDA

Url: https://www.mend.io/vulnerability-database/CVE-2024-24811

Severity Score

9.8

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

Top Fix

Upgrade Version

Upgrade to version products.sqlalchemyda - 2.2;products-sqlalchemyda - 2.2

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-24811

Good to know:

Date: February 7, 2024

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?