CVE-2019-7164: python-sqlalchemy: SQL Injection when the order_by parameter can be controlled

Severity: Critical

CVSS Score: 9.8

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.