Sqlalchemy · Sqlalchemy · CVE-2012-0805
**Name of the Vulnerable Software and Affected Versions**
SQLAlchemy versions prior to 0.7.0b4
**Description**
The issue is a SQL injection flaw that allows remote attackers to execute arbitrary SQL commands via the `limit` or `offset` keyword to the `select` function, or via unspecified vectors to the `select.limit` or `select.offset` function.
**Recommendations**
For versions prior to 0.7.0b4, update to version 0.7.0b4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `select` function with `limit` and `offset` keywords, as well as the `select.limit` and `select.offset` functions, until a patch is applied.
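
One way to apply the temporary workaround in application code, shown as an added example that is not part of the advisory or of SQLAlchemy: refuse any `limit` or `offset` value that is not a plain, bounded integer before it reaches `select`. The names `safe_paging`, `coerce_paging_value`, `PagingError`, `is_rejected` and the bounds are assumptions chosen for illustration.

```python
import re

# ASCII digits only: int() alone would also accept "١٢", " 7 " or "1_0".
_DIGITS = re.compile(r"[0-9]{1,9}")


class PagingError(ValueError):
    """A limit/offset value was not a plain non-negative integer."""


def coerce_paging_value(raw, name, maximum):
    """Return raw as an int in [0, maximum] or raise PagingError."""
    if isinstance(raw, bool):  # bool is an int subclass; never a valid page size
        raise PagingError(f"{name}: boolean not allowed")
    if isinstance(raw, int):
        value = raw
    elif isinstance(raw, str) and _DIGITS.fullmatch(raw):
        value = int(raw)
    else:
        # Anything else (SQL fragments, floats, lists, None) is refused, not cleaned.
        raise PagingError(f"{name}: expected an integer, got {raw!r}")
    if not 0 <= value <= maximum:
        raise PagingError(f"{name}: {value} outside 0..{maximum}")
    return value


def safe_paging(params, default_limit=20, max_limit=100, max_offset=1_000_000):
    """Validate request paging parameters; returns (limit, offset) as ints."""
    limit = coerce_paging_value(params.get("limit", default_limit), "limit", max_limit)
    offset = coerce_paging_value(params.get("offset", 0), "offset", max_offset)
    return limit, offset


def is_rejected(params):
    """True when safe_paging refuses the parameters."""
    try:
        safe_paging(params)
    except PagingError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample requests, not taken from the advisory.
    for sample in ({"limit": "10", "offset": "30"}, {"limit": "10; --"}, {"offset": -1}):
        print(sample, "rejected" if is_rejected(sample) else safe_paging(sample))
    # Only the validated ints would then go to select(...).limit(limit).offset(offset).
```

Rejecting malformed values outright, rather than trying to clean them, keeps the check simple to audit and leaves a clear error to log.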