MITRE CVE reports:
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4
allows SQL Injection if untrusted data is used as a tolerance parameter
in GIS functions and aggregates on Oracle. By passing a suitably crafted
tolerance to GIS functions and aggregates on Oracle, it was possible to
break escaping and inject malicious SQL.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | py27-django111 | < 1.11.29 | UNKNOWN |
FreeBSD | any | noarch | py35-django111 | < 1.11.29 | UNKNOWN |
FreeBSD | any | noarch | py36-django111 | < 1.11.29 | UNKNOWN |
FreeBSD | any | noarch | py37-django111 | < 1.11.29 | UNKNOWN |
FreeBSD | any | noarch | py38-django111 | < 1.11.29 | UNKNOWN |
FreeBSD | any | noarch | py35-django22 | < 2.2.11 | UNKNOWN |
FreeBSD | any | noarch | py36-django22 | < 2.2.11 | UNKNOWN |
FreeBSD | any | noarch | py37-django22 | < 2.2.11 | UNKNOWN |
FreeBSD | any | noarch | py38-django22 | < 2.2.11 | UNKNOWN |
FreeBSD | any | noarch | py36-django30 | < 3.0.4 | UNKNOWN |
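
The following is an added example, not part of the advisory or of Django's code: it checks a Django version string against the affected ranges quoted above and coerces a request-supplied tolerance to a bounded float before it is passed to a GIS function or aggregate. The function names and the `maximum` bound are assumptions made for this example.

```python
import math
import re

# First fixed release per affected series, taken from the advisory text above.
FIXED = {(1, 11): (1, 11, 29), (2, 2): (2, 2, 11), (3, 0): (3, 0, 4)}


def parse_version(text):
    """Return the leading numeric components of a version string as a 3-tuple."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) if p else 0 for p in m.groups())


def is_affected(version_text):
    """True if the version is in a series listed above and older than its fix.

    Series the advisory does not list return False, because the advisory
    makes no statement about them.
    """
    version = parse_version(version_text)
    fixed = FIXED.get(version[:2])
    return fixed is not None and version < fixed


def clean_tolerance(raw, maximum=1.0):
    """Coerce an untrusted tolerance to a finite, non-negative float.

    The upper bound is an assumption of this example; pick one that suits
    the units of your geometry data.
    """
    try:
        value = float(raw)
    except (TypeError, ValueError):
        raise ValueError("tolerance must be a number") from None
    if not math.isfinite(value) or not 0 <= value <= maximum:
        raise ValueError("tolerance out of range")
    return value
```

Calling `clean_tolerance` on request data means only a Python float ever reaches the GIS call, which is worth keeping in place even after upgrading to a fixed release.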