Name of the Vulnerable Software and Affected Versions SQLAlchemy version 1.2.17

Description The issue allows for SQL Injection when the group by parameter can be controlled.

Recommendations For version 1.2.17, consider restricting access to the group by parameter to prevent its manipulation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.