Lucene search

K

GoogleOSV:GHSA-WQJJ-HX84-V449

HistoryMay 17, 2022 - 3:07 a.m.

Django Vulnerable to MySQL Injection

2022-05-1703:07:04

Google

osv.dev

8

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.017 Low

EPSS

Percentile

87.4%

The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to “MySQL typecasting.”

CPENameOperatorVersion
djangoeq1.2.4
djangoeq1.4.10
djangoeq1.0.2
djangoeq1.3.7
djangoeq1.4.4
djangoeq1.4
djangoeq1.4.5
djangoeq1.0.3
djangoeq1.2.7
djangoeq1.3.6

Rows per page:

1-10 of 451

References

lists.opensuse.org/opensuse-updates/2014-09/msg00023.html

rhn.redhat.com/errata/RHSA-2014-0456.html

rhn.redhat.com/errata/RHSA-2014-0457.html

www.debian.org/security/2014/dsa-2934

www.ubuntu.com/usn/USN-2169-1

github.com/django/django

github.com/django/django/commit/5f0829a27e85d89ad8c433f5c6a7a7d17c9e9292

github.com/django/django/commit/985434fb1d6bf2335bf96c6ebf91c3674f1f399f

github.com/django/django/commit/aa80f498de6d687e613860933ac58433ab71ea4b

nvd.nist.gov/vuln/detail/CVE-2014-0474

www.djangoproject.com/weblog/2014/apr/21/security

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.017 Low

EPSS

Percentile

87.4%

Related for OSV:GHSA-WQJJ-HX84-V449

github1 debiancve1 gitlab1 cve1 prion1 ubuntucve1 osv2 nessus12 openvas27 fedora15 mageia1 redhat2 ubuntu2 ibm1 freebsd1 gentoo1 debian2 securityvulns1