3 matches found
alcali (>=2018.3.4 <=3000.1.0), argus-server (>=1.0.0 <=1.1.1) +173 more potentially affected by CVE-2020-13254 via django (>=3.0.0 <=3.0.6)
django PYPI version =3.0.0, =2018.3.4, =1.0.0, =0.1.0, =0.1.3, =0.18.0, =0.3.0, =2.8.0, =0.0.1, =0.1.1, =0.0.1, =0.1.3 - deustest2022 =1.0.0 - djangelo =0.1.4 - django-account-rcg-chandu =0.1.0 and more Source cves: CVE-2020-13254 Source advisory: OSV:PYSEC-2020-31...
GHSA-HMR4-M2H5-33QX SQL injection in Django
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitably crafted delimiter...
PYSEC-2020-35
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitably crafted delimiter...