Tortoise · Tortoise Orm · CVE-2020-11010
**Name of the Vulnerable Software and Affected Versions**
Tortoise ORM versions prior to 0.15.23
Tortoise ORM versions prior to 0.16.6
**Description**
The issue affects Tortoise ORM, where various forms of SQL injection have been found for MySQL when filtering or doing mass-updates on char/text fields. SQLite and PostgreSQL are only affected when filtering with `contains`, `starts with`, or `ends with` filters (and their case-insensitive counterparts).
**Recommendations**
For Tortoise ORM versions prior to 0.15.23, please upgrade to 0.15.23 or later.
For Tortoise ORM versions prior to 0.16.6, please upgrade to 0.16.6 or later.
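To check pinned dependencies against the fixed versions above, the following is an added example and not code from the Tortoise ORM project. It assumes the two fixed versions correspond to the 0.15.x and 0.16.x release lines, and the function names and sample requirements are constructed for illustration.

```python
import re

# Fixed releases from this advisory; one fix per release line is assumed here.
FIXED_015 = (0, 15, 23)
FIXED_016 = (0, 16, 6)

# Requirement lines for the package (PyPI names ignore case and -, _, . variants).
NAME = re.compile(r"^\s*tortoise[-_.]orm(?![\w.-])", re.IGNORECASE)
# Exact pins only: name, optional [extras], ==X.Y.Z, optional marker or comment.
PIN = re.compile(
    r"^\s*tortoise[-_.]orm(?:\[[^\]]*\])?\s*==\s*(\d+(?:\.\d+)*)\s*(?:[;#].*)?$",
    re.IGNORECASE,
)

def parse_version(text):
    """Turn '0.16' or '0.16.5' into a tuple padded to three parts."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))

def is_affected(version):
    """True if the version predates the fix on its release line."""
    v = parse_version(version)
    if v < FIXED_015:
        return True
    # 0.16.0 through 0.16.5 sort above 0.15.23 but are still unpatched.
    return (0, 16, 0) <= v < FIXED_016

def scan_requirements(text):
    """Return (line_number, version, status) for every tortoise-orm line."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if not NAME.match(line):
            continue
        pin = PIN.match(line)
        if pin is None:
            # Range or missing pin: check the installed version directly.
            findings.append((number, None, "unpinned"))
        else:
            status = "affected" if is_affected(pin.group(1)) else "fixed"
            findings.append((number, pin.group(1), status))
    return findings

# Constructed sample requirements, not taken from the advisory.
SAMPLE = """\
tortoise-orm==0.15.22
Tortoise_ORM==0.16.5  # worker
tortoise-orm==0.15.23
tortoise-orm==0.16.6
tortoise-orm>=0.16
"""
```

Lines reported as `unpinned` are not cleared by this check; resolve them against the version actually installed in the environment.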