(RHSA-2022:5702) Important: Red Hat Ansible Automation Platform 2.1.2 security and bug fix update

2022-07-25T18:07:53

Description

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. Security Fix(es): * automation-controller: Django: SQL injection in QuerySet.annotate(),aggregate() and extra() (CVE-2022-28346) * automation-controller: Django: SQL injection via QuerySet.explain(options) on PostgreSQL (CVE-2022-28347) * python-django: Django: SQL injection in QuerySet.annotate(),aggregate() and extra() (CVE-2022-28346) * python-django: Django: SQL injection via QuerySet.explain(options) on PostgreSQL (CVE-2022-28347) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Package

OS	OS Version	Package Name	Package Version
RedHat	8	python38-markupsafe	2.0.1-2.el8pc
RedHat	8	python-jinja2	3.0.3-1.el8pc
RedHat	8	pulpcore-selinux	1.3.1-1.el8ap
RedHat	8	python38-jinja2	3.0.3-1.el8pc
RedHat	8	automation-controller-venv-tower	4.1.2-2.el8ap
RedHat	8	python-django	3.2.13-1.el8pc
RedHat	8	python3-markupsafe-debuginfo	2.0.1-2.el8pc
RedHat	8	python38-django	3.2.13-1.el8pc
RedHat	8	pulpcore-selinux	1.3.1-1.el8ap
RedHat	8	python-naya	1.1.1-1.el8pc
RedHat	8	automation-controller	4.1.2-2.el8ap
RedHat	8	python38-markupsafe-debuginfo	2.0.1-2.el8pc
RedHat	8	python-markupsafe-debugsource	2.0.1-2.el8pc
RedHat	8	automation-controller-cli	4.1.2-2.el8ap
RedHat	8	python38-naya	1.1.1-1.el8pc
RedHat	8	python-pulpcore	3.15.9-2.el8pc
RedHat	8	python38-pulpcore	3.15.9-2.el8pc
RedHat	8	python-markupsafe	2.0.1-2.el8pc
RedHat	8	python-markupsafe-debuginfo	2.0.1-2.el8pc
RedHat	8	automation-controller-server	4.1.2-2.el8ap
RedHat	8	automation-controller	4.1.2-2.el8ap
RedHat	8	automation-controller-ui	4.1.2-2.el8ap

{"id": "RHSA-2022:5702", "vendorId": null, "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2022:5702) Important: Red Hat Ansible Automation Platform 2.1.2 security and bug fix update", "description": "Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.\n\nSecurity Fix(es):\n\n* automation-controller: Django: SQL injection in QuerySet.annotate(),aggregate() and extra() (CVE-2022-28346)\n\n* automation-controller: Django: SQL injection via QuerySet.explain(options) on PostgreSQL (CVE-2022-28347)\n\n* python-django: Django: SQL injection in QuerySet.annotate(),aggregate() and extra() (CVE-2022-28346)\n\n* python-django: Django: SQL injection via QuerySet.explain(options) on PostgreSQL (CVE-2022-28347)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "published": "2022-07-25T18:07:53", "modified": "2022-07-25T18:09:37", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://access.redhat.com/errata/RHSA-2022:5702", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2022-28346", "CVE-2022-28347"], "immutableFields": [], "lastseen": "2022-07-25T19:49:47", "viewCount": 18, "enchantments": {"score": {"value": 2.9, "vector": "NONE"}, "dependencies": {"references": [{"type": "altlinux", "idList": ["916EBAC408B8A005AEDCB4294ACBE1ED"]}, {"type": "archlinux", "idList": ["ASA-202204-9"]}, {"type": "cve", "idList": ["CVE-2022-28346", "CVE-2022-28347"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2982-1:BCA50"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-28346", "DEBIANCVE:CVE-2022-28347"]}, {"type": "freebsd", "idList": ["0DB46F84-B9FA-11EC-89DF-080027240888"]}, {"type": "github", "idList": ["GHSA-2GWJ-7JMV-H26R", "GHSA-W24H-V9QH-8GXJ"]}, {"type": "githubexploit", "idList": ["1EF4C8A5-CBE0-550F-A94D-2EA044EEFD2C", "92BAB396-41EA-57CF-81E2-43CFD97ABFF4", "9F50AAE5-3EA3-5804-A040-09FE1281C2FB", "F80E42B7-B5D0-5191-8C3C-5424FA3076A8"]}, {"type": "mageia", "idList": ["MGASA-2022-0190"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2982.NASL", "FREEBSD_PKG_0DB46F84B9FA11EC89DF080027240888.NASL", "UBUNTU_USN-5373-1.NASL", "UBUNTU_USN-5373-2.NASL"]}, {"type": "osv", "idList": ["OSV:DLA-2982-1", "OSV:GHSA-2GWJ-7JMV-H26R", "OSV:GHSA-W24H-V9QH-8GXJ", "OSV:PYSEC-2022-190", "OSV:PYSEC-2022-191"]}, {"type": "redhat", "idList": ["RHSA-2022:5115", "RHSA-2022:5498", "RHSA-2022:5602", "RHSA-2022:5703"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-28346", "RH:CVE-2022-28347"]}, {"type": "ubuntu", "idList": ["USN-5373-1", "USN-5373-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-28346", "UB:CVE-2022-28347"]}, {"type": "veracode", "idList": ["VERACODE:35078", "VERACODE:35090"]}]}, "vulnersScore": 2.9}, "_state": {"score": 1659993674, "dependencies": 1659988328}, "_internal": {"score_hash": "5c1e5e5836ef5e7722b522e573d74373"}, "affectedPackage": [{"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.0.1-2.el8pc", "packageFilename": "python38-markupsafe-2.0.1-2.el8pc.x86_64.rpm", "operator": "lt", "packageName": "python38-markupsafe"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "3.0.3-1.el8pc", "packageFilename": "python-jinja2-3.0.3-1.el8pc.src.rpm", "operator": "lt", "packageName": "python-jinja2"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "1.3.1-1.el8ap", "packageFilename": "pulpcore-selinux-1.3.1-1.el8ap.src.rpm", "operator": "lt", "packageName": "pulpcore-selinux"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.0.3-1.el8pc", "packageFilename": "python38-jinja2-3.0.3-1.el8pc.noarch.rpm", "operator": "lt", "packageName": "python38-jinja2"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.1.2-2.el8ap", "packageFilename": "automation-controller-venv-tower-4.1.2-2.el8ap.x86_64.rpm", "operator": "lt", "packageName": "automation-controller-venv-tower"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "3.2.13-1.el8pc", "packageFilename": "python-django-3.2.13-1.el8pc.src.rpm", "operator": "lt", "packageName": "python-django"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.0.1-2.el8pc", "packageFilename": "python3-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm", "operator": "lt", "packageName": "python3-markupsafe-debuginfo"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.2.13-1.el8pc", "packageFilename": "python38-django-3.2.13-1.el8pc.noarch.rpm", "operator": "lt", "packageName": "python38-django"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.3.1-1.el8ap", "packageFilename": "pulpcore-selinux-1.3.1-1.el8ap.x86_64.rpm", "operator": "lt", "packageName": "pulpcore-selinux"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "1.1.1-1.el8pc", "packageFilename": "python-naya-1.1.1-1.el8pc.src.rpm", "operator": "lt", "packageName": "python-naya"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.1.2-2.el8ap", "packageFilename": "automation-controller-4.1.2-2.el8ap.x86_64.rpm", "operator": "lt", "packageName": "automation-controller"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.0.1-2.el8pc", "packageFilename": "python38-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm", "operator": "lt", "packageName": "python38-markupsafe-debuginfo"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.0.1-2.el8pc", "packageFilename": "python-markupsafe-debugsource-2.0.1-2.el8pc.x86_64.rpm", "operator": "lt", "packageName": "python-markupsafe-debugsource"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.1.2-2.el8ap", "packageFilename": "automation-controller-cli-4.1.2-2.el8ap.x86_64.rpm", "operator": "lt", "packageName": "automation-controller-cli"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageVersion": "1.1.1-1.el8pc", "packageFilename": "python38-naya-1.1.1-1.el8pc.noarch.rpm", "operator": "lt", "packageName": "python38-naya"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "3.15.9-2.el8pc", "packageFilename": "python-pulpcore-3.15.9-2.el8pc.src.rpm", "operator": "lt", "packageName": "python-pulpcore"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageVersion": "3.15.9-2.el8pc", "packageFilename": "python38-pulpcore-3.15.9-2.el8pc.noarch.rpm", "operator": "lt", "packageName": "python38-pulpcore"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "2.0.1-2.el8pc", "packageFilename": "python-markupsafe-2.0.1-2.el8pc.src.rpm", "operator": "lt", "packageName": "python-markupsafe"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.0.1-2.el8pc", "packageFilename": "python-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm", "operator": "lt", "packageName": "python-markupsafe-debuginfo"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.1.2-2.el8ap", "packageFilename": "automation-controller-server-4.1.2-2.el8ap.x86_64.rpm", "operator": "lt", "packageName": "automation-controller-server"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "4.1.2-2.el8ap", "packageFilename": "automation-controller-4.1.2-2.el8ap.src.rpm", "operator": "lt", "packageName": "automation-controller"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.1.2-2.el8ap", "packageFilename": "automation-controller-ui-4.1.2-2.el8ap.x86_64.rpm", "operator": "lt", "packageName": "automation-controller-ui"}], "vendorCvss": {"severity": "important"}}

{"redhat": [{"lastseen": "2022-07-25T19:49:47", "description": "Red Hat Ansible Automation Platform integrates Red Hat\u2019s automation suite consisting of Red Hat Ansible Tower, Red Hat Ansible Engine, and use-case specific capabilities for Microsoft Windows,network, security, and more, along with Software-as-a-Service (SaaS)-based capabilities and features for organization-wide effectiveness.\n\nSecurity Fix(es):\n\n* python3-django: Django: SQL injection in QuerySet.annotate(),aggregate() and extra() (CVE-2022-28346)\n\n* python3-django: Django: SQL injection via QuerySet.explain(options) on PostgreSQL (CVE-2022-28347)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-25T19:41:55", "type": "redhat", "title": "(RHSA-2022:5703) Important: Red Hat Ansible Automation Platform 1.2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28346", "CVE-2022-28347"], "modified": "2022-07-25T19:45:51", "id": "RHSA-2022:5703", "href": "https://access.redhat.com/errata/RHSA-2022:5703", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-19T15:43:28", "description": "Red Hat Update Infrastructure (RHUI) offers a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red Hat Enterprise Linux (RHEL) instances.\n\nSecurity Fix(es):\n* Django: SQL injection via QuerySet's annotate, aggregate, and extra functions (CVE-2022-28346)\n* Django: SQL injection via QuerySet's explain function on PostgreSQL (CVE-2022-28347)\n\nThis update fixes the following bugs:\n\n* Previously, when a path for a non-RHUI repository was used in the entitlement certificate, RHUI Manager logged the following error message in the `/var/log/messages` file:\n...\nInvalid entitlement path %s found\n...\n\nWith this update, the error message has been clarified and reworded to the following message:\n...\nInvalid repository download URL: %s provided\n...\n\nIn addition, this RHUI update introduces the following enhancements:\n\n* With this update, containers are now supported on RHUI. You can perform the following operations:\n** Add containers to RHUI\n** Synchronize these containers regularly along with containers from `registry.redhat.io` or any other registry of your choice\n** Offer the containers to client virtual machines using a special client configuration RPM. You can create the configuration RPM using the `rhui-manager` text user interface.\n\n* With this update, the repository synchronization status, the validity status of the RHUI CA certificate, and the statuses of services running on the RHUA, CDS, and HAProxy nodes are now available. In the case of services running on the nodes, you can view the statuses by running the `rhui-manager status` command on the RHUA node.(BZ#1636435)\n\n* With this update, you can specify the following certificates and keys during RHUI installation:\n** Custom CA certificates and keys on the RHUA node\n** Custom CA certificate and key that will be used to generate client entitlement certificates\n** Custom CA certificate and key that will be used to generate client SSL certificates\n** Custom SSL certificate and key for the web server when adding a CDS node. Note that this certificate must be usable for all the load balancers and CDS host names that you are using with your RHUI installation(BZ#2010343)\n\n* Previously, you could only access repositories by using paths with the `/pulp/content` prefix. With this update, you can now access repositories using paths containing other predefined prefixes. In addition, you can also configure protected and unprotected custom repositories to use custom prefixes.(BZ#2079376)\n\nUsers of RHUI are advised to upgrade to these updated packages that fix\nthese bugs and add these enhancements.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-19T12:55:39", "type": "redhat", "title": "(RHSA-2022:5602) Important: RHUI 4.1.1 release - Security Fixes and Enhancement Update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28346", "CVE-2022-28347"], "modified": "2022-07-19T12:57:17", "id": "RHSA-2022:5602", "href": "https://access.redhat.com/errata/RHSA-2022:5602", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-22T21:57:53", "description": "Security Fix(es):\n\n* SQL injection in QuerySet.annotate() aggregate() and extra()\n(CVE-2022-28346)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-22T11:35:03", "type": "redhat", "title": "(RHSA-2022:5115) Moderate: Red Hat OpenStack Platform 16.2 (python-django20) security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28346"], "modified": "2022-06-22T13:22:23", "id": "RHSA-2022:5115", "href": "https://access.redhat.com/errata/RHSA-2022:5115", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-07T20:31:02", "description": "Security Fix(es):\n\n* SQL injection in QuerySet.annotate() aggregate() and extra()\n(CVE-2022-28346)\n\n* Possible XSS via '{% debug %}' template tag (CVE-2022-22818)\n\n* Denial of service possibility in file uploads (CVE-2022-23833)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-07T20:09:57", "type": "redhat", "title": "(RHSA-2022:8872) Important: Red Hat OpenStack Platform 16.1.9 (python-django20) security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22818", "CVE-2022-23833", "CVE-2022-28346"], "modified": "2022-12-07T20:11:11", "id": "RHSA-2022:8872", "href": "https://access.redhat.com/errata/RHSA-2022:8872", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-05T15:41:14", "description": "Red Hat Satellite is a systems management tool for Linux-based\ninfrastructure. It allows for provisioning, remote management, and\nmonitoring of multiple Linux deployments with a single centralized tool.\n\nSecurity Fix(es):\n\n* libsolv: Heap-based buffer overflow in testcase_read() in src/testcase.c (CVE-2021-3200) \n* satellite: foreman: Authenticate remote code execution through Sendmail configuration (CVE-2021-3584)\n* candlepin: Allow unintended SCA certificate to authenticate Candlepin (CVE-2021-4142)\n* candlepin: netty: Information disclosure via the local system temporary directory (CVE-2021-21290)\n* candlepin: netty: Possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)\n* candlepin: netty: Request smuggling via content-length header (CVE-2021-21409)\n* tfm-rubygem-sidekiq: XSS via the queue name of the live-poll feature (CVE-2021-30151)\n* python-sqlparse: ReDoS via regular expression in StripComments filter (CVE-2021-32839)\n* libsolv: various flaws (CVE-2021-33928 CVE-2021-33929 CVE-2021-33930 CVE-2021-33938)\n* tfm-rubygem-puma: Inconsistent Interpretation of HTTP Requests in puma (CVE-2021-41136)\n* logback-classic: Remote code execution through JNDI call from within its configuration file (CVE-2021-42550)\n* candlepin: netty: Control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n* python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818)\n* python3-django: Potential bypass of an upstream access control based on URL paths (CVE-2021-44420) \n* libsolv: Heap overflow (CVE-2021-44568)\n* python3-django: Various flaws (CVE-2021-45115 CVE-2021-45116 CVE-2021-45452 CVE-2022-22818)\n* tfm-rubygem-actionpack: Information leak between requests (CVE-2022-23633)\n* tfm-rubygem-puma: rubygem-rails: Information leak between requests (CVE-2022-23634)\n* python3-django: Denial-of-service possibility in file uploads (CVE-2022-23833)\n* tfm-rubygem-sidekiq: WebUI Denial of Service caused by number of days on graph (CVE-2022-23837)\n* python3-django: Various flaws (CVE-2022-28346 CVE-2022-28347)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAdditional Changes:\n\n* New repo layout for Satellite, Utils, Maintenance, and Client repos.\n* Support for RHEL 9 clients\n* Module-based installation on RHEL 8\n* Upgrading Satellite Server and Capsule Server installations from RHEL 7 to RHEL 8\n* Connected and Disconnected servers supported on RHEL 7 and RHEL 8\n* Inter-Server Synchronization improvements\n* Puppet integration optional and disabled by default\n* Pulp 3 updated to Python 3.8\n* Change to Capsule certificate archive\n* New default port for communication with Red Hat Subscription Management * (RHSM) API on Capsule servers\n* New Content Views Page (Content Publication workflow simplification)\n* New Hosts Page (Technology Preview)\n* Registration and preview templates\n* Simplified host content source changing\n* Improved behavior for configuring and running remote jobs\n* Provisioning improvements\n* New error signaling unsupported options in TASK-Filter\n* Virt-who configuration enhanced to support Nutanix AHV\n* Cloud Connector configuration updated\n* Improved Insights adoption\n\nThe items above are not a complete list of changes. This update also fixes\nseveral bugs and adds various enhancements. Documentation for these changes\nis available from the Release Notes document linked to in the References\nsection.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-05T13:55:16", "type": "redhat", "title": "(RHSA-2022:5498) Moderate: Satellite 6.11 Release", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21290", "CVE-2021-21295", "CVE-2021-21409", "CVE-2021-30151", "CVE-2021-3200", "CVE-2021-32839", "CVE-2021-33928", "CVE-2021-33929", "CVE-2021-33930", "CVE-2021-33938", "CVE-2021-3584", "CVE-2021-41136", "CVE-2021-4142", "CVE-2021-42550", "CVE-2021-43797", "CVE-2021-43818", "CVE-2021-44420", "CVE-2021-44568", "CVE-2021-45115", "CVE-2021-45116", "CVE-2021-45452", "CVE-2022-22818", "CVE-2022-23633", "CVE-2022-23634", "CVE-2022-23833", "CVE-2022-23837", "CVE-2022-28346", "CVE-2022-28347"], "modified": "2022-07-05T14:19:17", "id": "RHSA-2022:5498", "href": "https://access.redhat.com/errata/RHSA-2022:5498", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2022-07-04T22:38:31", "description": "\n\nDjango Release reports:\n\nCVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and extra().\nCVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-02T00:00:00", "type": "freebsd", "title": "Django -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28346", "CVE-2022-28347"], "modified": "2022-04-02T00:00:00", "id": "0DB46F84-B9FA-11EC-89DF-080027240888", "href": "https://vuxml.freebsd.org/freebsd/0db46f84-b9fa-11ec-89df-080027240888.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2022-04-19T18:11:25", "description": "Arch Linux Security Advisory ASA-202204-9\n=========================================\n\nSeverity: High\nDate : 2022-04-12\nCVE-ID : CVE-2022-28346 CVE-2022-28347\nPackage : python-django\nType : sql injection\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2667\n\nSummary\n=======\n\nThe package python-django before version 4.0.4-1 is vulnerable to sql\ninjection.\n\nResolution\n==========\n\nUpgrade to 4.0.4-1.\n\n# pacman -Syu \"python-django>=4.0.4-1\"\n\nThe problems have been fixed upstream in version 4.0.4.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2022-28346 (sql injection)\n\nQuerySet.annotate(), aggregate(), and extra() methods were subject to\nSQL injection in column aliases, using a suitably crafted dictionary,\nwith dictionary expansion, as the **kwargs passed to these methods.\n\n- CVE-2022-28347 (sql injection)\n\nQuerySet.explain() method was subject to SQL injection in option names,\nusing a suitably crafted dictionary, with dictionary expansion, as the\n**options argument.\n\nImpact\n======\n\nAn attacker is able to perform an SQL injection via a specially crafted\ninput.\n\nReferences\n==========\n\nhttps://www.djangoproject.com/weblog/2022/apr/11/security-releases/\nhttps://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200\nhttps://github.com/django/django/commit/800828887a0509ad1162d6d407e94d8de7eafc60\nhttps://github.com/django/django/commit/2044dac5c6968441be6f534c4139bcf48c5c7e48\nhttps://github.com/django/django/commit/2c09e68ec911919360d5f8502cefc312f9e03c5d\nhttps://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81\nhttps://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402\nhttps://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d\nhttps://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5\nhttps://security.archlinux.org/CVE-2022-28346\nhttps://security.archlinux.org/CVE-2022-28347", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T00:00:00", "type": "archlinux", "title": "[ASA-202204-9] python-django: sql injection", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28346", "CVE-2022-28347"], "modified": "2022-04-12T00:00:00", "id": "ASA-202204-9", "href": "https://security.archlinux.org/ASA-202204-9", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "altlinux": [{"lastseen": "2022-06-10T03:04:13", "description": "3.2.13-alt1 built April 12, 2022 Anton Farygin in task [#298294](<https://git.altlinux.org/tasks/298294/>) \n--- \nApril 11, 2022 Anton Farygin \n \n \n - 3.2.12 -> 3.2.13\n - Fixes:\n * CVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and extra()\n * CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 10 package python3-module-django version 3.2.13-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28346", "CVE-2022-28347"], "modified": "2022-04-12T00:00:00", "id": "916EBAC408B8A005AEDCB4294ACBE1ED", "href": "https://packages.altlinux.org/en/p10/srpms/python3-module-django/2790617034003685632", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-05-19T09:34:01", "description": "Potential SQL injection in QuerySet.annotate(), aggregate(), and extra() (CVE-2022-28346) Potential SQL injection via QuerySet.explain(**options) on PostgreSQL QuerySet.explain() (CVE-2022-28347) \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-19T07:56:04", "type": "mageia", "title": "Updated python-django packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28346", "CVE-2022-28347"], "modified": "2022-05-19T07:56:04", "id": "MGASA-2022-0190", "href": "https://advisories.mageia.org/MGASA-2022-0190.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-01-10T19:20:50", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 0db46f84-b9fa-11ec-89df-080027240888 advisory.\n\n - A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the\n **options argument, and placing the injection payload in an option name. (CVE-2022-28347)\n\n - An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.\n QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. (CVE-2022-28346)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T00:00:00", "type": "nessus", "title": "FreeBSD : Django -- multiple vulnerabilities (0db46f84-b9fa-11ec-89df-080027240888)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28346", "CVE-2022-28347"], "modified": "2022-05-03T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:py31-django40", "p-cpe:/a:freebsd:freebsd:py310-django22", "p-cpe:/a:freebsd:freebsd:py310-django32", "p-cpe:/a:freebsd:freebsd:py37-django22", "p-cpe:/a:freebsd:freebsd:py37-django32", "p-cpe:/a:freebsd:freebsd:py38-django22", "p-cpe:/a:freebsd:freebsd:py38-django32", "p-cpe:/a:freebsd:freebsd:py38-django40", "p-cpe:/a:freebsd:freebsd:py39-django22", "p-cpe:/a:freebsd:freebsd:py39-django32", "p-cpe:/a:freebsd:freebsd:py39-django40", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_0DB46F84B9FA11EC89DF080027240888.NASL", "href": "https://www.tenable.com/plugins/nessus/159654", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159654);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/03\");\n\n script_cve_id(\"CVE-2022-28346\", \"CVE-2022-28347\");\n\n script_name(english:\"FreeBSD : Django -- multiple vulnerabilities (0db46f84-b9fa-11ec-89df-080027240888)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the 0db46f84-b9fa-11ec-89df-080027240888 advisory.\n\n - A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13,\n and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the\n **options argument, and placing the injection payload in an option name. (CVE-2022-28347)\n\n - An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.\n QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a\n crafted dictionary (with dictionary expansion) as the passed **kwargs. (CVE-2022-28346)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.djangoproject.com/weblog/2022/apr/11/security-releases/\");\n # https://vuxml.freebsd.org/freebsd/0db46f84-b9fa-11ec-89df-080027240888.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f2254a6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-28347\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py31-django40\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py310-django22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py310-django32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py37-django22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py37-django32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py38-django22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py38-django32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py38-django40\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py39-django22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py39-django32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py39-django40\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'py31-django40<4.0.4',\n 'py310-django22<2.2.28',\n 'py310-django32<3.2.13',\n 'py37-django22<2.2.28',\n 'py37-django32<3.2.13',\n 'py38-django22<2.2.28',\n 'py38-django32<3.2.13',\n 'py38-django40<4.0.4',\n 'py39-django22<2.2.28',\n 'py39-django32<3.2.13',\n 'py39-django40<4.0.4'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T08:35:01", "description": "The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5373-1 advisory.\n\n - A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the\n **options argument, and placing the injection payload in an option name. (CVE-2022-28347)\n\n - In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers. (CVE-2021-32052)\n\n - An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.\n QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. (CVE-2022-28346)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-11T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Django vulnerabilities (USN-5373-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32052", "CVE-2022-28346", "CVE-2022-28347"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:python3-django"], "id": "UBUNTU_USN-5373-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159630", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5373-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159630);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2021-32052\", \"CVE-2022-28346\", \"CVE-2022-28347\");\n script_xref(name:\"USN\", value:\"5373-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Django vulnerabilities (USN-5373-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5373-1 advisory.\n\n - A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13,\n and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the\n **options argument, and placing the injection payload in an option name. (CVE-2022-28347)\n\n - In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator\n does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses\n values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because\n HttpResponse prohibits newlines in HTTP headers. (CVE-2021-32052)\n\n - An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.\n QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a\n crafted dictionary (with dictionary expansion) as the passed **kwargs. (CVE-2022-28346)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5373-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python3-django package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-28347\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-django\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('ubuntu.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'python3-django', 'pkgver': '2:2.2.12-1ubuntu0.11'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-django');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T19:21:56", "description": "The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2982 advisory.\n\n - An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.\n QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. (CVE-2022-28346)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-14T00:00:00", "type": "nessus", "title": "Debian DLA-2982-1 : python-django - LTS security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28346"], "modified": "2022-04-14T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:python-django", "p-cpe:/a:debian:debian_linux:python-django-common", "p-cpe:/a:debian:debian_linux:python-django-doc", "p-cpe:/a:debian:debian_linux:python3-django", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2982.NASL", "href": "https://www.tenable.com/plugins/nessus/159742", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-2982. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159742);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/14\");\n\n script_cve_id(\"CVE-2022-28346\");\n\n script_name(english:\"Debian DLA-2982-1 : python-django - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2982\nadvisory.\n\n - An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.\n QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a\n crafted dictionary (with dictionary expansion) as the passed **kwargs. (CVE-2022-28346)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2022/dla-2982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-28346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/stretch/python-django\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the python-django packages.\n\nFor Debian 9 Stretch, this problem have been fixed in version 1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-28346\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-django\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-django-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-django-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3-django\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(9)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '9.0', 'prefix': 'python-django', 'reference': '1:1.10.7-2+deb9u16'},\n {'release': '9.0', 'prefix': 'python-django-common', 'reference': '1:1.10.7-2+deb9u16'},\n {'release': '9.0', 'prefix': 'python-django-doc', 'reference': '1:1.10.7-2+deb9u16'},\n {'release': '9.0', 'prefix': 'python3-django', 'reference': '1:1.10.7-2+deb9u16'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python-django / python-django-common / python-django-doc / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T19:36:06", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5254 advisory.\n\n - The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS. (CVE-2022-22818)\n\n - An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.\n (CVE-2022-23833)\n\n - An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.\n QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. (CVE-2022-28346)\n\n - A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the\n **options argument, and placing the injection payload in an option name. (CVE-2022-28347)\n\n - An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value.\n Applications that constrain the lookup name and kind choice to a known safe list are unaffected.\n (CVE-2022-34265)\n\n - An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7.\n An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input. (CVE-2022-36359)\n\n - Django reports: CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs. (CVE-2022-41323)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-16T00:00:00", "type": "nessus", "title": "Debian DSA-5254-1 : python-django - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22818", "CVE-2022-23833", "CVE-2022-28346", "CVE-2022-28347", "CVE-2022-34265", "CVE-2022-36359", "CVE-2022-41323"], "modified": "2022-10-16T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:python-django-doc", "p-cpe:/a:debian:debian_linux:python3-django", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5254.NASL", "href": "https://www.tenable.com/plugins/nessus/166158", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5254. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166158);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/16\");\n\n script_cve_id(\n \"CVE-2022-22818\",\n \"CVE-2022-23833\",\n \"CVE-2022-28346\",\n \"CVE-2022-28347\",\n \"CVE-2022-34265\",\n \"CVE-2022-36359\",\n \"CVE-2022-41323\"\n );\n\n script_name(english:\"Debian DSA-5254-1 : python-django - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5254 advisory.\n\n - The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not\n properly encode the current context. This may lead to XSS. (CVE-2022-22818)\n\n - An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before\n 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.\n (CVE-2022-23833)\n\n - An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.\n QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a\n crafted dictionary (with dictionary expansion) as the passed **kwargs. (CVE-2022-28346)\n\n - A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13,\n and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the\n **options argument, and placing the injection payload in an option name. (CVE-2022-28347)\n\n - An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract()\n database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value.\n Applications that constrain the lookup name and kind choice to a known safe list are unaffected.\n (CVE-2022-34265)\n\n - An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7.\n An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition\n header of a FileResponse when the filename is derived from user-supplied input. (CVE-2022-36359)\n\n - Django reports: CVE-2022-41323: Potential denial-of-service vulnerability in internationalized\n URLs. (CVE-2022-41323)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004752\");\n # https://security-tracker.debian.org/tracker/source-package/python-django\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?22eb32f6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-22818\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-23833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-28346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-28347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-34265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-36359\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-41323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/python-django\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the python-django packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 2\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34265\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-django-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3-django\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'python-django-doc', 'reference': '2:2.2.28-1~deb11u1'},\n {'release': '11.0', 'prefix': 'python3-django', 'reference': '2:2.2.28-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python-django-doc / python3-django');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T08:35:13", "description": "The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5373-2 advisory.\n\n - An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.\n QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. (CVE-2022-28346)\n\n - In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers. (CVE-2021-32052)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-11T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS : Django vulnerabilities (USN-5373-2)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32052", "CVE-2022-28346"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:14.04:-:lts", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:python-django", "p-cpe:/a:canonical:ubuntu_linux:python-django-common", "p-cpe:/a:canonical:ubuntu_linux:python3-django"], "id": "UBUNTU_USN-5373-2.NASL", "href": "https://www.tenable.com/plugins/nessus/159639", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5373-2. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159639);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2021-32052\", \"CVE-2022-28346\");\n script_xref(name:\"USN\", value:\"5373-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS : Django vulnerabilities (USN-5373-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5373-2 advisory.\n\n - An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.\n QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a\n crafted dictionary (with dictionary expansion) as the passed **kwargs. (CVE-2022-28346)\n\n - In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator\n does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses\n values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because\n HttpResponse prohibits newlines in HTTP headers. (CVE-2021-32052)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5373-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-django, python-django-common and / or python3-django packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-28346\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-django\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-django-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-django\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('ubuntu.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04 / 16.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\nvar pkgs = [\n {'osver': '14.04', 'pkgname': 'python-django', 'pkgver': '1.6.11-0ubuntu1.3+esm5'},\n {'osver': '16.04', 'pkgname': 'python-django', 'pkgver': '1.8.7-1ubuntu5.15+esm5'},\n {'osver': '16.04', 'pkgname': 'python-django-common', 'pkgver': '1.8.7-1ubuntu5.15+esm5'},\n {'osver': '16.04', 'pkgname': 'python3-django', 'pkgver': '1.8.7-1ubuntu5.15+esm5'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python-django / python-django-common / python3-django');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T19:37:09", "description": "The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3177 advisory.\n\n - An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1.\n UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack. (CVE-2021-45115)\n\n - An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key. (CVE-2021-45116)\n\n - An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.\n QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. (CVE-2022-28346)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-05T00:00:00", "type": "nessus", "title": "Debian DLA-3177-1 : python-django - LTS security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-45115", "CVE-2021-45116", "CVE-2022-28346"], "modified": "2022-11-05T00:00:00", "cpe": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:python-django:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:python-django-doc:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:python-django-common:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:python3-django:*:*:*:*:*:*:*"], "id": "DEBIAN_DLA-3177.NASL", "href": "https://www.tenable.com/plugins/nessus/167042", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-3177. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167042);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/05\");\n\n script_cve_id(\"CVE-2021-45115\", \"CVE-2021-45116\", \"CVE-2022-28346\");\n\n script_name(english:\"Debian DLA-3177-1 : python-django - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-3177 advisory.\n\n - An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1.\n UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was\n artificially large in relation to the comparison values. In a situation where access to user registration\n was unrestricted, this provided a potential vector for a denial-of-service attack. (CVE-2021-45115)\n\n - An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to\n leveraging the Django Template Language's variable resolution logic, the dictsort template filter was\n potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably\n crafted key. (CVE-2021-45116)\n\n - An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.\n QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a\n crafted dictionary (with dictionary expansion) as the passed **kwargs. (CVE-2022-28346)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2022/dla-3177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-45115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-45116\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-28346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/python-django\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the python-django packages.\n\nFor Debian 10 Buster, these problems have been fixed in version 1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-28346\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-django\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-django-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-django-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3-django\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar debian_release = get_kb_item('Host/Debian/release');\nif ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');\ndebian_release = chomp(debian_release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + debian_release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'python-django', 'reference': '1:1.11.29-1+deb10u3'},\n {'release': '10.0', 'prefix': 'python-django-common', 'reference': '1:1.11.29-1+deb10u3'},\n {'release': '10.0', 'prefix': 'python-django-doc', 'reference': '1:1.11.29-1+deb10u3'},\n {'release': '10.0', 'prefix': 'python3-django', 'reference': '1:1.11.29-1+deb10u3'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var _release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (_release && prefix && reference) {\n if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python-django / python-django-common / python-django-doc / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T04:23:19", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8872 advisory.\n\n - django: Possible XSS via '{% debug %}' template tag (CVE-2022-22818)\n\n - django: Denial-of-service possibility in file uploads (CVE-2022-23833)\n\n - Django: SQL injection in QuerySet.annotate(),aggregate() and extra() (CVE-2022-28346)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-23T00:00:00", "type": "nessus", "title": "RHEL 8 : Red Hat OpenStack Platform 16.1.9 (python-django20) (RHSA-2022:8872)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22818", "CVE-2022-23833", "CVE-2022-28346"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python-django20-bash-completion:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python3-django20:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2022-8872.NASL", "href": "https://www.tenable.com/plugins/nessus/170360", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:8872. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170360);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-22818\", \"CVE-2022-23833\", \"CVE-2022-28346\");\n script_xref(name:\"RHSA\", value:\"2022:8872\");\n\n script_name(english:\"RHEL 8 : Red Hat OpenStack Platform 16.1.9 (python-django20) (RHSA-2022:8872)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:8872 advisory.\n\n - django: Possible XSS via '{% debug %}' template tag (CVE-2022-22818)\n\n - django: Denial-of-service possibility in file uploads (CVE-2022-23833)\n\n - Django: SQL injection in QuerySet.annotate(),aggregate() and extra() (CVE-2022-28346)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22818\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-28346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:8872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2048775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2048778\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2072447\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python-django20-bash-completion and / or python3-django20 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-28346\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79, 89, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-django20-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-django20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/ppc64le/openstack-cinderlib/16.1/debug',\n 'content/dist/layered/rhel8/ppc64le/openstack-cinderlib/16.1/os',\n 'content/dist/layered/rhel8/ppc64le/openstack-cinderlib/16.1/source/SRPMS',\n 'content/dist/layered/rhel8/ppc64le/openstack-deployment-tools/16.1/debug',\n 'content/dist/layered/rhel8/ppc64le/openstack-deployment-tools/16.1/os',\n 'content/dist/layered/rhel8/ppc64le/openstack-deployment-tools/16.1/source/SRPMS',\n 'content/dist/layered/rhel8/ppc64le/openstack/16.1/debug',\n 'content/dist/layered/rhel8/ppc64le/openstack/16.1/os',\n 'content/dist/layered/rhel8/ppc64le/openstack/16.1/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/openstack-cinderlib/16.1/debug',\n 'content/dist/layered/rhel8/x86_64/openstack-cinderlib/16.1/os',\n 'content/dist/layered/rhel8/x86_64/openstack-cinderlib/16.1/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/openstack-deployment-tools/16.1/debug',\n 'content/dist/layered/rhel8/x86_64/openstack-deployment-tools/16.1/os',\n 'content/dist/layered/rhel8/x86_64/openstack-deployment-tools/16.1/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/openstack-tools/16/debug',\n 'content/dist/layered/rhel8/x86_64/openstack-tools/16/os',\n 'content/dist/layered/rhel8/x86_64/openstack-tools/16/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/openstack/16.1/debug',\n 'content/dist/layered/rhel8/x86_64/openstack/16.1/os',\n 'content/dist/layered/rhel8/x86_64/openstack/16.1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'python-django20-bash-completion-2.0.13-18.el8ost', 'release':'8', 'el_string':'el8ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},\n {'reference':'python3-django20-2.0.13-18.el8ost', 'release':'8', 'el_string':'el8ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python-django20-bash-completion / python3-django20');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T19:44:03", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0005-1 advisory.\n\n - In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers. (CVE-2021-32052)\n\n - Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories. (CVE-2021-33203)\n\n - In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) . (CVE-2021-33571)\n\n - In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. (CVE-2021-44420)\n\n - An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1.\n UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack. (CVE-2021-45115)\n\n - An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key. (CVE-2021-45116)\n\n - Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. (CVE-2021-45452)\n\n - The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS. (CVE-2022-22818)\n\n - An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.\n (CVE-2022-23833)\n\n - An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.\n QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. (CVE-2022-28346)\n\n - A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the\n **options argument, and placing the injection payload in an option name. (CVE-2022-28347)\n\n - An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7.\n An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input. (CVE-2022-36359)\n\n - In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. (CVE-2022-41323)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-04T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : python-Django (openSUSE-SU-2023:0005-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32052", "CVE-2021-33203", "CVE-2021-33571", "CVE-2021-44420", "CVE-2021-45115", "CVE-2021-45116", "CVE-2021-45452", "CVE-2022-22818", "CVE-2022-23833", "CVE-2022-28346", "CVE-2022-28347", "CVE-2022-36359", "CVE-2022-41323"], "modified": "2023-01-04T00:00:00", "cpe": ["p-cpe:2.3:a:novell:opensuse:python3-django:*:*:*:*:*:*:*", "cpe:2.3:o:novell:opensuse:15.3:*:*:*:*:*:*:*"], "id": "OPENSUSE-2023-0005-1.NASL", "href": "https://www.tenable.com/plugins/nessus/169481", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2023:0005-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169481);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/04\");\n\n script_cve_id(\n \"CVE-2021-32052\",\n \"CVE-2021-33203\",\n \"CVE-2021-33571\",\n \"CVE-2021-44420\",\n \"CVE-2021-45115\",\n \"CVE-2021-45116\",\n \"CVE-2021-45452\",\n \"CVE-2022-22818\",\n \"CVE-2022-23833\",\n \"CVE-2022-28346\",\n \"CVE-2022-28347\",\n \"CVE-2022-36359\",\n \"CVE-2022-41323\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : python-Django (openSUSE-SU-2023:0005-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2023:0005-1 advisory.\n\n - In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator\n does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses\n values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because\n HttpResponse prohibits newlines in HTTP headers. (CVE-2021-32052)\n\n - Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via\n django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of\n arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by\n application developers to also show file contents, then not only the existence but also the file contents\n would have been exposed. In other words, there is directory traversal outside of the template root\n directories. (CVE-2021-33203)\n\n - In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address,\n and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a\n bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address\n are unaffected with Python 3.9.5+..) . (CVE-2021-33571)\n\n - In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with\n trailing newlines could bypass upstream access control based on URL paths. (CVE-2021-44420)\n\n - An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1.\n UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was\n artificially large in relation to the comparison values. In a situation where access to user registration\n was unrestricted, this provided a potential vector for a denial-of-service attack. (CVE-2021-45115)\n\n - An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to\n leveraging the Django Template Language's variable resolution logic, the dictsort template filter was\n potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably\n crafted key. (CVE-2021-45116)\n\n - Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory\n traversal if crafted filenames are directly passed to it. (CVE-2021-45452)\n\n - The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not\n properly encode the current context. This may lead to XSS. (CVE-2022-22818)\n\n - An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before\n 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.\n (CVE-2022-23833)\n\n - An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.\n QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a\n crafted dictionary (with dictionary expansion) as the passed **kwargs. (CVE-2022-28346)\n\n - A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13,\n and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the\n **options argument, and placing the injection payload in an option name. (CVE-2022-28347)\n\n - An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7.\n An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition\n header of a FileResponse when the filename is derived from user-supplied input. (CVE-2022-36359)\n\n - In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject\n to a potential denial of service attack via the locale parameter, which is treated as a regular\n expression. (CVE-2022-41323)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194116\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195088\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198398\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203793\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UHF5IZKTZ2T4T4QQYZMUFHW422X3WCU6/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1ff6e271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-32052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45116\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22818\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36359\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-41323\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python3-Django package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-28347\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-Django\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/SuSE/release');\nif (isnull(os_release) || os_release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar _os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:os_release);\nif (isnull(_os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\n_os_ver = _os_ver[1];\nif (os_release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', os_release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + _os_ver, cpu);\n\nvar pkgs = [\n {'reference':'python3-Django-2.2.28-bp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var _cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (rpm_check(release:_release, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-Django');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-01-26T15:14:22", "description": "## Releases\n\n * Ubuntu 21.10 \n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 LTS\n\n## Packages\n\n * python-django \\- High-level Python web development framework\n\nIt was discovered that Django incorrectly handled certain certain column \naliases in the QuerySet.annotate(), aggregate(), and extra() methods. A \nremote attacker could possibly use this issue to perform an SQL injection \nattack. (CVE-2022-28346)\n\nIt was discovered that Django incorrectly handled certain option names in \nthe QuerySet.explain() method. A remote attacker could possibly use this \nissue to perform an SQL injection attack. This issue only affected Ubuntu \n20.04 LTS, and Ubuntu 21.10. (CVE-2022-28347)\n\nIt was discovered that the Django URLValidator function incorrectly handled \nnewlines and tabs. A remote attacker could possibly use this issue to \nperform a header injection attack. This issue only affected Ubuntu 18.04 \nLTS. (CVE-2021-32052)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-11T00:00:00", "type": "ubuntu", "title": "Django vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32052", "CVE-2022-28346", "CVE-2022-28347"], "modified": "2022-04-11T00:00:00", "id": "USN-5373-1", "href": "https://ubuntu.com/security/notices/USN-5373-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T15:14:22", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * python-django \\- High-level Python web development framework\n\nUSN-5373-1 fixed several vulnerabilities in Django. This update provides \nthe corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.\n\nOriginal advisory details:\n\nIt was discovered that Django incorrectly handled certain certain column \naliases in the QuerySet.annotate(), aggregate(), and extra() methods. A \nremote attacker could possibly use this issue to perform an SQL injection \nattack. (CVE-2022-28346)\n\nIt was discovered that the Django URLValidator function incorrectly handled \nnewlines and tabs. A remote attacker could possibly use this issue to \nperform a header injection attack. (CVE-2021-32052)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-11T00:00:00", "type": "ubuntu", "title": "Django vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32052", "CVE-2022-28346"], "modified": "2022-04-11T00:00:00", "id": "USN-5373-2", "href": "https://ubuntu.com/security/notices/USN-5373-2", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2022-11-09T01:58:16", "description": "django is vulnerable to SQL Injection. The vulnerability exists due to a lack of sanitization of input via the `QuerySet.explain()` allowing an attacker to inject malicious query via the **options argument. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-13T16:28:39", "type": "veracode", "title": "SQL Injection", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28347"], "modified": "2022-11-08T06:39:28", "id": "VERACODE:35090", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-35090/summary", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-24T13:07:55", "description": "django is vulnerable to SQL injection. The library directly passes the user input directly to the QuerySet.annotate(), aggregate(), and extra() methods, allowing an attacker to inject malicious SQL query in column aliases via a malicious dictionary as the passed **kwargs.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-13T09:11:04", "type": "veracode", "title": "SQL Injection", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28346"], "modified": "2022-11-07T22:39:32", "id": "VERACODE:35078", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-35078/summary", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2023-01-10T06:31:06", "description": "A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-13T00:00:33", "type": "osv", "title": "SQL Injection in Django", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28347"], "modified": "2023-01-10T06:31:02", "id": "OSV:GHSA-W24H-V9QH-8GXJ", "href": "https://osv.dev/vulnerability/GHSA-w24h-v9qh-8gxj", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-18T02:35:11", "description": "A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T05:15:00", "type": "osv", "title": "PYSEC-2022-191", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28347"], "modified": "2022-05-17T23:28:24", "id": "OSV:PYSEC-2022-191", "href": "https://osv.dev/vulnerability/PYSEC-2022-191", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-05T05:19:22", "description": "\nIt was discovered that there was potential SQL injection attack\nvulnerability in Django, a popular Python-based web development framework:\n\n\n* [CVE-2022-28346](https://security-tracker.debian.org/tracker/CVE-2022-28346)\n CVE-2022-28346: An issue was discovered in Django 2.2 before\n 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(),\n aggregate(), and extra() methods are subject to SQL injection in column\n aliases via a crafted dictionary (with dictionary expansion) as the\n passed \\*\\*kwargs.\n\n\nFor Debian 9 Stretch, this problem have been fixed in version\n1:1.10.7-2+deb9u16.\n\n\nWe recommend that you upgrade your python-django packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-14T00:00:00", "type": "osv", "title": "python-django - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28346"], "modified": "2022-08-05T05:19:21", "id": "OSV:DLA-2982-1", "href": "https://osv.dev/vulnerability/DLA-2982-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-18T02:34:37", "description": "An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T05:15:00", "type": "osv", "title": "PYSEC-2022-190", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28346"], "modified": "2022-05-17T23:28:24", "id": "OSV:PYSEC-2022-190", "href": "https://osv.dev/vulnerability/PYSEC-2022-190", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T06:47:52", "description": "An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-13T00:00:33", "type": "osv", "title": "SQL Injection in Django", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28346"], "modified": "2023-01-10T06:47:50", "id": "OSV:GHSA-2GWJ-7JMV-H26R", "href": "https://osv.dev/vulnerability/GHSA-2gwj-7jmv-h26r", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-15T21:17:30", "description": "\nMultiple security issues were found in Django, a Python web development\nframework, which could result in denial of service, SQL injection or\ncross-site scripting.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2:2.2.28-1~deb11u1.\n\n\nWe recommend that you upgrade your python-django packages.\n\n\nFor the detailed security status of python-django please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/python-django](https://security-tracker.debian.org/tracker/python-django)\n\n\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-15T00:00:00", "type": "osv", "title": "python-django - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-36359", "CVE-2022-28347", "CVE-2022-34265", "CVE-2022-22818", "CVE-2022-23833", "CVE-2022-28346", "CVE-2022-41323"], "modified": "2022-10-15T21:17:23", "id": "OSV:DSA-5254-1", "href": "https://osv.dev/vulnerability/DSA-5254-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-04T15:31:19", "description": "\nIt was discovered that there were multiple vulnerabilies in Django, a\npopular Python-based development framework:\n\n\n* [CVE-2022-28346](https://security-tracker.debian.org/tracker/CVE-2022-28346):\nAn issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0\nbefore 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject\nto SQL injection in column aliases via a crafted dictionary (with dictionary\nexpansion) as the passed \\*\\*kwargs.\n* [CVE-2021-45115](https://security-tracker.debian.org/tracker/CVE-2021-45115):\nAn issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0\nbefore 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in\nevaluating a submitted password that was artificially large in relation to the\ncomparison values. In a situation where access to user registration was\nunrestricted, this provided a potential vector for a denial-of-service\nattack.\n* [CVE-2021-45116](https://security-tracker.debian.org/tracker/CVE-2021-45116):\nAn issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0\nbefore 4.0.1. Due to leveraging the Django Template Language's variable\nresolution logic, the dictsort template filter was potentially vulnerable to\ninformation disclosure, or an unintended method call, if passed a suitably\ncrafted key.\n\n\nFor Debian 10 Buster, these problems have been fixed in version\n1:1.11.29-1+deb10u3.\n\n\nWe recommend that you upgrade your python-django packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-04T00:00:00", "type": "osv", "title": "python-django - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-45115", "CVE-2021-45116", "CVE-2022-28346"], "modified": "2022-11-04T15:31:17", "id": "OSV:DLA-3177-1", "href": "https://osv.dev/vulnerability/DLA-3177-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2022-08-04T13:10:09", "description": "A SQL injection issue was discovered in QuerySet.explain() in Django 2.2\nbefore 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by\npassing a crafted dictionary (with dictionary expansion) as the **options\nargument, and placing the injection payload in an option name.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-11T00:00:00", "type": "ubuntucve", "title": "CVE-2022-28347", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28347"], "modified": "2022-04-11T00:00:00", "id": "UB:CVE-2022-28347", "href": "https://ubuntu.com/security/CVE-2022-28347", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:10:09", "description": "An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and\n4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are\nsubject to SQL injection in column aliases via a crafted dictionary (with\ndictionary expansion) as the passed **kwargs.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-11T00:00:00", "type": "ubuntucve", "title": "CVE-2022-28346", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28346"], "modified": "2022-04-11T00:00:00", "id": "UB:CVE-2022-28346", "href": "https://ubuntu.com/security/CVE-2022-28346", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2022-11-22T14:59:12", "description": "A flaw was found in the Django package, leading to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-11T12:50:15", "type": "redhatcve", "title": "CVE-2022-28347", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28347"], "modified": "2022-11-22T12:26:20", "id": "RH:CVE-2022-28347", "href": "https://access.redhat.com/security/cve/cve-2022-28347", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T17:08:07", "description": "A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-11T12:50:13", "type": "redhatcve", "title": "CVE-2022-28346", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28346"], "modified": "2023-01-10T12:05:26", "id": "RH:CVE-2022-28346", "href": "https://access.redhat.com/security/cve/cve-2022-28346", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-01-22T06:07:36", "description": "A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T05:15:00", "type": "debiancve", "title": "CVE-2022-28347", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28347"], "modified": "2022-04-12T05:15:00", "id": "DEBIANCVE:CVE-2022-28347", "href": "https://security-tracker.debian.org/tracker/CVE-2022-28347", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-22T06:07:36", "description": "An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T05:15:00", "type": "debiancve", "title": "CVE-2022-28346", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28346"], "modified": "2022-04-12T05:15:00", "id": "DEBIANCVE:CVE-2022-28346", "href": "https://security-tracker.debian.org/tracker/CVE-2022-28346", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-11-08T06:59:05", "description": "A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T05:15:00", "type": "cve", "title": "CVE-2022-28347", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28347"], "modified": "2022-11-08T02:21:00", "cpe": ["cpe:/o:debian:debian_linux:11.0"], "id": "CVE-2022-28347", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28347", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-11-07T22:05:39", "description": "An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T05:15:00", "type": "cve", "title": "CVE-2022-28346", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28346"], "modified": "2022-11-07T19:39:00", "cpe": ["cpe:/o:debian:debian_linux:11.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2022-28346", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28346", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}], "github": [{"lastseen": "2023-01-30T05:07:16", "description": "A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-13T00:00:33", "type": "github", "title": "SQL Injection in Django", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28347"], "modified": "2023-01-30T05:03:38", "id": "GHSA-W24H-V9QH-8GXJ", "href": "https://github.com/advisories/GHSA-w24h-v9qh-8gxj", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T05:07:03", "description": "An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-13T00:00:33", "type": "github", "title": "SQL Injection in Django", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28346"], "modified": "2023-01-27T05:01:33", "id": "GHSA-2GWJ-7JMV-H26R", "href": "https://github.com/advisories/GHSA-2gwj-7jmv-h26r", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2022-11-04T16:03:55", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2982-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Chris Lamb\nApril 14, 2022 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : python-django\nVersion : 1:1.10.7-2+deb9u16\nCVE ID : CVE-2022-28346\nDebian Bug : #1009677\n\nIt was discovered that there was potential SQL injection attack\nvulnerability in Django, a popular Python-based web development\nframework.\n\nQuerySet.annotate(), aggregate(), and extra() methods were subject to\nSQL injection in column aliases, using a suitably crafted dictionary,\nwith dictionary expansion, as the **kwargs passed to these methods.\n\nFor more information, please see:\nhttps://www.djangoproject.com/weblog/2022/apr/11/security-releases/\n\nFor Debian 9 "Stretch", this problem has been fixed in version\n1:1.10.7-2+deb9u16.\n\nWe recommend that you upgrade your python-django packages.\n\nFor the detailed security status of python-django please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/python-django\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-14T15:45:49", "type": "debian", "title": "[SECURITY] [DLA 2982-1] python-django security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28346"], "modified": "2022-04-14T15:45:49", "id": "DEBIAN:DLA-2982-1:BCA50", "href": "https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-17T10:25:56", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5254-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nOctober 15, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : python-django\nCVE ID : CVE-2022-22818 CVE-2022-23833 CVE-2022-28346 CVE-2022-28347 \n CVE-2022-34265 CVE-2022-36359 CVE-2022-41323\nDebian Bug : 1004752 1009677 1014541\n\nMultiple security issues were found in Django, a Python web development\nframework, which could result in denial of service, SQL injection or\ncross-site scripting.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2:2.2.28-1~deb11u1.\n\nWe recommend that you upgrade your python-django packages.\n\nFor the detailed security status of python-django please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/python-django\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-15T16:00:48", "type": "debian", "title": "[SECURITY] [DSA 5254-1] python-django security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22818", "CVE-2022-23833", "CVE-2022-28346", "CVE-2022-28347", "CVE-2022-34265", "CVE-2022-36359", "CVE-2022-41323"], "modified": "2022-10-15T16:00:48", "id": "DEBIAN:DSA-5254-1:39C22", "href": "https://lists.debian.org/debian-security-announce/2022/msg00223.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-04T19:38:04", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-3177-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Chris Lamb\nNovember 04, 2022 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : python-django\nVersion : 1:1.11.29-1+deb10u3\nCVE IDs : CVE-2022-28346 CVE-2021-45115 CVE-2021-45116\nDebian Bugs : 1003113 1009677\n\nIt was discovered that there were multiple vulnerabilies in Django, a\npopular Python-based development framework:\n\n * CVE-2022-28346: An issue was discovered in Django 2.2 before\n 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.\n QuerySet.annotate(), aggregate(), and extra() methods are subject\n to SQL injection in column aliases via a crafted dictionary (with\n dictionary expansion) as the passed **kwargs.\n\n * CVE-2021-45115: An issue was discovered in Django 2.2 before\n 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1.\n UserAttributeSimilarityValidator incurred significant overhead in\n evaluating a submitted password that was artificially large in\n relation to the comparison values. In a situation where access to\n user registration was unrestricted, this provided a potential\n vector for a denial-of-service attack.\n\n * CVE-2021-45116: An issue was discovered in Django 2.2 before\n 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging\n the Django Template Language's variable resolution logic, the\n dictsort template filter was potentially vulnerable to information\n disclosure, or an unintended method call, if passed a suitably\n crafted key.\n\nFor Debian 10 buster, these problems have been fixed in version\n1:1.11.29-1+deb10u3.\n\nWe recommend that you upgrade your python-django packages.\n\nFor the detailed security status of python-django please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/python-django\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-04T14:35:57", "type": "debian", "title": "[SECURITY] [] python-django security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-45115", "CVE-2021-45116", "CVE-2022-28346"], "modified": "2022-11-04T14:35:57", "id": "DEBIAN:F3A2C8C4E77BD484AC3BCE41E433A4DB:EDC18", "href": "https://lists.debian.org/debian-lts-announce/2022/11/msg00005.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redos": [{"lastseen": "2023-01-07T04:09:03", "description": "The vulnerability of the QuerySet.annotate(), aggregate(), and extra() methods of the Django web application software platform is related to a failure to protect the SQL query structure. Exploitation of the vulnerability could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information through a specially crafted dictionary", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-07T07:09:03", "type": "redos", "title": "ROS-20220516-04", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28346"], "modified": "2023-01-07T07:09:03", "id": "ROS-20220516-04", "href": "https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-django-cve-2022-28347-cve-2022-28346/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "githubexploit": [{"lastseen": "2022-08-24T08:29:31", "description": "<h1 align=\"center\">CVE-2022-28346 PoC <a href=\"https://twitter.c...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-15T00:24:19", "type": "githubexploit", "title": "Exploit for SQL Injection in Djangoproject Django", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28346"], "modified": "2022-08-24T08:06:59", "id": "92BAB396-41EA-57CF-81E2-43CFD97ABFF4", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-05-30T14:03:58", "description": "![image.png](https://images.viblo.asia/1cbff5bf-f990-4bdb-ab74-1...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-27T10:08:55", "type": "githubexploit", "title": "Exploit for SQL Injection in Djangoproject Django", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28346"], "modified": "2022-05-27T22:14:45", "id": "F80E42B7-B5D0-5191-8C3C-5424FA3076A8", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-08-20T02:47:41", "description": "# CVE-2022-28346\nSQL injection in QuerySet.annotate(), aggregate...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-25T08:27:34", "type": "githubexploit", "title": "Exploit for SQL Injection in Djangoproject Django", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28346"], "modified": "2022-07-18T08:26:27", "id": "9F50AAE5-3EA3-5804-A040-09FE1281C2FB", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-10-28T05:45:36", "description": "### CVE-2022-28346\nDjango QuerySet.annotate(), aggregate(), extr...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-26T14:47:56", "type": "githubexploit", "title": "Exploit for SQL Injection in Djangoproject Django", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28346"], "modified": "2022-10-28T01:43:23", "id": "1EF4C8A5-CBE0-550F-A94D-2EA044EEFD2C", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}]}

(RHSA-2022:5702) Important: Red Hat Ansible Automation Platform 2.1.2 security and bug fix update

Description

Affected Package

Related