Satterly

**Name of the Vulnerable Software and Affected Versions** Alerta versions prior to 9.1.0 **Description** Alerta, a monitoring tool, had a SQL injection issue in the Query string search API. The vulnerability stemmed from directly interpolating user-supplied search terms into SQL strings via f-strings when building WHERE clauses using the Postgres query parser. The API endpoint ''/'' with the `q` parameter was susceptible to this issue. **Recommendations** Upgrade to version 9.1.0 or later. If an upgrade is not possible, deploy a proxy to sanitize the `q` parameter before it reaches the Alerta API.