4 matches found
django: Django SQL injection
A potential SQL injection vulnerability has been discovered in the Django web framework. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q were subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...
PYSEC-2025-108
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector...
PYSEC-2025-108
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...
PT-2025-45119
Name of the Vulnerable Software and Affected Versions Django versions prior to 5.1.14, prior to 4.2.26, and prior to 5.2.8 Description Django is susceptible to a SQL injection issue due to improper handling of dictionary expansion when using the QuerySet.filter, QuerySet.exclude, and QuerySet.get...