Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2020-9402HistoryMar 05, 2020 - 3:15 p.m.
CVE-2020-9402
2020-03-0515:15:00
Debian Security Bug Tracker
security-tracker.debian.org
10
0.141 Low
EPSS
Percentile
95.7%
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | python-django | <Â 2:2.2.11-1 | python-django_2:2.2.11-1_all.deb |
| Debian | 11 | all | python-django | <Â 2:2.2.11-1 | python-django_2:2.2.11-1_all.deb |
| Debian | 10 | all | python-django | <Â 1:1.11.29-1~deb10u1 | python-django_1:1.11.29-1~deb10u1_all.deb |
| Debian | 999 | all | python-django | <Â 2:2.2.11-1 | python-django_2:2.2.11-1_all.deb |
| Debian | 13 | all | python-django | <Â 2:2.2.11-1 | python-django_2:2.2.11-1_all.deb |
Related
nessus
nessus
Ubuntu 16.04 LTS / 18.04 LTS : Django vulnerability (USN-4296-1)
2020-03-06 00:00:00
FreeBSD : Django -- potential SQL injection vulnerability (1685144e-63ff-11ea-a93a-080027846a02)
2020-03-12 00:00:00
Debian DLA-3024-1 : python-django - LTS security update
2022-05-27 00:00:00
osv
osv
python-django - security update
2022-05-26 00:00:00
SQL injection in Django
2020-06-05 14:52:07
CVE-2020-9402
2020-03-05 15:15:12
openvas
openvas
Ubuntu: Security Advisory (USN-4296-1)
2020-03-05 00:00:00
Django 1.11.x < 1.11.29, 2.2.x < 2.2.11, 3.0.x < 3.0.4 SQL Injection Vulnerability - Windows
2020-03-06 00:00:00
Debian: Security Advisory (DLA-3024-1)
2022-05-27 00:00:00
nuclei
nuclei
Django SQL Injection
2021-07-26 17:18:45
cvelist
cvelist
CVE-2020-9402
2020-03-05 14:49:57
freebsd
freebsd
Django -- potential SQL injection vulnerability
2020-02-25 00:00:00
ubuntucve
ubuntucve
CVE-2020-9402
2020-03-04 00:00:00
github
github
SQL injection in Django
2020-06-05 14:52:07
prion
prion
Sql injection
2020-03-05 15:15:00
cve
cve
CVE-2020-9402
2020-03-05 15:15:00
veracode
veracode
SQL Injection
2020-03-05 05:52:41
archlinux
archlinux
[ASA-202003-5] python-django: sql injection
2020-03-08 00:00:00
alpinelinux
alpinelinux
CVE-2020-9402
2020-03-05 15:15:00
debian
debian
[SECURITY] [DLA 3024-1] python-django security update
2022-05-26 11:06:05
[SECURITY] [DSA 4705-1] python-django security update
2020-06-18 08:51:53
[SECURITY] [DSA 4705-1] python-django security update
2020-06-18 08:52:14
redhatcve
redhatcve
CVE-2020-9402
2020-03-04 14:41:07
ubuntu
ubuntu
Django vulnerability
2020-03-04 00:00:00
altlinux
altlinux
fedora
fedora
[SECURITY] Fedora 32 Update: python-django-3.0.7-1.fc32
2020-06-19 01:05:39
[SECURITY] Fedora 31 Update: python-django-2.2.13-1.fc31
2020-06-19 01:07:50
gentoo
gentoo
Django: Multiple vulnerabilities
2020-04-30 00:00:00
redhat
redhat
(RHSA-2021:1313) Moderate: Satellite 6.9 Release
2021-04-21 12:43:38