Lucene search
Gentoo FoundationMGASA-2022-0281HistoryAug 13, 2022 - 5:32 a.m.
Updated python-django packages fix security vulnerability
2022-08-1305:32:35
Gentoo Foundation
advisories.mageia.org
134
0.184 Low
EPSS
Percentile
96.2%
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. (CVE-2022-34265) An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input. (CVE-2022-36359)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 8 | noarch | python-django | < 3.2.15-1 | python-django-3.2.15-1.mga8 |
Related
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0281)
2022-08-15 00:00:00
Django < 3.2.14, 4.x < 4.0.6 SQLi Vulnerability - Linux
2022-07-05 00:00:00
openSUSE: Security Advisory for python (openSUSE-SU-2022:10103-1)
2024-03-04 00:00:00
altlinux
altlinux
nessus
nessus
osv
osv
django-sendfile2 before 0.7.0 contains reflected file download vulnerability
2022-08-11 18:12:35
python-django vulnerability
2022-08-04 15:56:54
githubexploit
githubexploit
Exploit for SQL Injection in Djangoproject Django
2022-08-24 07:29:30
Exploit for SQL Injection in Djangoproject Django
2022-07-13 13:02:41
Exploit for SQL Injection in Djangoproject Django
2022-09-08 21:22:28
alpinelinux
alpinelinux
CVE-2022-34265
2022-07-04 16:15:00
CVE-2022-36359
2022-08-03 14:15:00
ubuntu
ubuntu
Django vulnerability
2022-08-04 00:00:00
Django vulnerability
2022-07-04 00:00:00
suse
suse
Security update for python-Django (important)
2022-08-27 00:00:00
debiancve
debiancve
CVE-2022-36359
2022-08-03 14:15:00
CVE-2022-34265
2022-07-04 16:15:00
github
github
Django vulnerable to Reflected File Download attack
2022-08-11 14:49:12
django-sendfile2 before 0.7.0 contains reflected file download vulnerability
2022-08-11 18:12:35
ubuntucve
ubuntucve
CVE-2022-36359
2022-08-03 00:00:00
CVE-2022-34265
2022-07-04 00:00:00
veracode
veracode
Information Disclosure
2022-08-04 06:24:41
SQL Injection
2022-07-05 04:15:37
freebsd
freebsd
Django -- multiple vulnerabilities
2022-08-01 00:00:00
Django -- multiple vulnerabilities
2022-06-21 00:00:00
prion
prion
Sql injection
2022-07-04 16:15:00
Input validation
2022-08-03 14:15:00
jvn
jvn
JVN#12610194: Django Extract and Trunc functions vulnerable to SQL injection
2022-07-12 00:00:00
cve
cve
CVE-2022-36359
2022-08-03 14:15:00
CVE-2022-34265
2022-07-04 16:15:00
cvelist
cvelist
CVE-2022-36359
2022-08-03 00:00:00
CVE-2022-34265
2022-07-04 00:00:00
redhat
redhat
(RHSA-2022:5738) Important: Django 3.2.14 Security Update
2022-07-27 14:32:20
(RHSA-2022:8506) Important: Satellite 6.12 Release
2022-11-16 13:21:30
redhatcve
redhatcve
CVE-2022-34265
2022-07-04 14:36:30
fedora
fedora
[SECURITY] Fedora 37 Update: python-django-4.0.10-1.fc37
2023-04-28 02:04:16
[SECURITY] Fedora 38 Update: python-django-4.0.10-1.fc38
2023-04-28 02:37:47
debian
debian
[SECURITY] [DSA 5254-1] python-django security update
2022-10-15 16:01:17
[SECURITY] [DLA 3164-1] python-django security update
2022-10-28 17:29:18
rocky
rocky
Satellite 6.12 Release
2022-11-16 13:21:30