Preface: SQLAlchemy is an open-source SQL toolkit and object-relational mapper (ORM) for the Python programming language released under the MIT License.
Who are their customers?
SQLAlchemy is used by organizations such as:
Yelp!
reddit
DropBox
The OpenStack Project
Survey Monkey
Modern programming languages are almost all object-oriented. Object-oriented languages offer developer benefits such as componentization of code, ease of maintenance and the possibility of reuse, but relational databases store data as tables and rows rather than objects. Bridging that gap is what an OR mapper is needed for.
Vulnerability detail: SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
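The weakness above matters when an application forwards client-controlled text (a "sort by" request parameter, for example) into order_by(). The defensive pattern is to never let that text reach the ORM: map the client's sort key through an allowlist and hand order_by() a Column object. The following is an added example written for this page, not code from the advisory or from the SQLAlchemy project; the products table, its columns and the sort keys are constructed for illustration, and sorted_products() assumes SQLAlchemy (1.3 or later) is installed with an in-memory SQLite engine.

```python
"""Allowlisting a client-supplied sort key before it reaches order_by()."""
from __future__ import annotations

# Map the sort keys a client may send to the column names we permit.
# Anything not in this map is rejected, so client text never becomes SQL.
# (Constructed example values.)
ALLOWED_SORT_COLUMNS = {
    "name": "name",
    "created": "created_at",
    "price": "price",
}


def resolve_sort(sort: str) -> tuple[str, bool]:
    """Return (column_name, descending) for a client-supplied sort key.

    Accepts "name" or "-name" (a leading '-' means descending). Raises
    ValueError for anything outside the allowlist.
    """
    descending = sort.startswith("-")
    key = sort[1:] if descending else sort
    try:
        return ALLOWED_SORT_COLUMNS[key], descending
    except KeyError:
        raise ValueError(f"unsupported sort key: {sort!r}") from None


def sorted_products(sort: str) -> list[str]:
    """Run a SELECT whose ORDER BY comes only from the allowlist.

    SQLAlchemy is imported inside the function so that resolve_sort()
    stays importable without it. Uses an in-memory SQLite database
    populated with constructed rows.
    """
    from sqlalchemy import Column, Integer, MetaData, String, Table, create_engine

    # Validate first: an unknown key fails before any SQL is built.
    column_name, descending = resolve_sort(sort)

    metadata = MetaData()
    products = Table(
        "products", metadata,
        Column("id", Integer, primary_key=True),
        Column("name", String),
        Column("created_at", String),
        Column("price", Integer),
    )
    engine = create_engine("sqlite://")
    metadata.create_all(engine)
    with engine.begin() as conn:
        conn.execute(products.insert(), [
            {"name": "widget", "created_at": "2019-01-01", "price": 30},
            {"name": "gadget", "created_at": "2019-02-01", "price": 10},
        ])
        # order_by() receives a Column object chosen by us, never the
        # client's string, so there is nothing for an injection to ride on.
        col = products.c[column_name]
        stmt = products.select().order_by(col.desc() if descending else col.asc())
        return [row.name for row in conn.execute(stmt)]


if __name__ == "__main__":
    print(sorted_products("price"))    # ['gadget', 'widget']
    print(sorted_products("-price"))   # ['widget', 'gadget']
```

The allowlist is the control that holds regardless of SQLAlchemy version; upgrading to a fixed release (see the remedy below) removes the library-side coercion, but an application that still concatenates client text into a text() clause is on its own. The same resolve-then-look-up pattern applies to group_by() and to any other place where a column is chosen from request input.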
Remedy:
SQLAlchemy has released software updates at the following link: