GitHub Advisory Database: GHSA-PV4P-CWWG-4RPH
History: Aug 07, 2024 - 3:30 p.m.

Django SQL injection vulnerability

Published: 2024-08-07 15:30:42
CWE-89
Source: GitHub Advisory Database (github.com)
Tags: django, sql injection, queryset, values_list, models, jsonfield, sql, injection, column aliases

CVSS3: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

AI Score: 7.6 (Confidence: Low)
EPSS: 0.001 (Percentile: 30.6%)

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key passed as a positional (*args) argument.
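The fix on the advisory's own terms is to upgrade to Django 4.2.15 or 5.0.8. As defence in depth for any version, an application should never forward caller-controlled strings straight into values()/values_list() positional arguments. The following is an added illustration, not code from the advisory or from Django: a pure-Python allowlist that accepts only known field names and identifier-only JSONField key paths before they are handed to the ORM. The model field names and JSON keys are hypothetical, and no Django import is needed to run it.

```python
import re

# Constructed example (not Django's own code): an allowlist applied to
# caller-supplied column names before they are passed as *args to
# QuerySet.values() / values_list(). Field names below are hypothetical.

# Plain fields and JSONField key paths this endpoint is allowed to expose.
ALLOWED_COLUMNS = {"id", "name", "data__email", "data__plan"}

# Every segment of a `field__key__subkey` path must be a bare identifier,
# so quotes, whitespace, semicolons and comment markers never reach an alias.
_SEGMENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def is_plain_lookup(column: str) -> bool:
    """True when `column` is `field` or `field__key[__key...]` made of identifiers only."""
    return all(_SEGMENT.fullmatch(seg) for seg in column.split("__"))


def validate_columns(requested, allowed=ALLOWED_COLUMNS):
    """Return the requested columns if every one is safe to pass as *args.

    Raises ValueError on the first column that is not a plain identifier path
    or that is not on the endpoint's allowlist.
    """
    safe = []
    for col in requested:
        if not isinstance(col, str) or not is_plain_lookup(col):
            raise ValueError(f"rejected column expression: {col!r}")
        if col not in allowed:
            raise ValueError(f"column not exposed by this endpoint: {col!r}")
        safe.append(col)
    return safe


def rejects(column: str) -> bool:
    """Convenience probe: does validate_columns refuse this single column?"""
    try:
        validate_columns([column])
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Typical request from a client: accepted and ready for values_list(*cols).
    cols = validate_columns(["id", "data__email"])
    print("accepted:", cols)

    # Anything that is not a bare identifier path is refused before the ORM
    # could turn it into a column alias; so is a legitimate-looking but
    # unlisted field.
    for candidate in ["data__email; DROP", 'data__x"y', "name ", "email"]:
        print(f"{candidate!r} rejected: {rejects(candidate)}")
```

In a view, the result of validate_columns() is what gets spread into values_list(); the raw request parameters never touch the ORM. The allowlist is the primary control, and the identifier regex is a second, independent check so that a mistakenly broad allowlist still cannot admit punctuation into an alias.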

Affected configurations

Vulners node:
  django < 4.2.15
  OR
  django < 5.0.8

Vendor | Product | Version | CPE
*      | django  | *       | cpe:2.3:a:*:django:*:*:*:*:*:*:*:*
