177 matches found
MGASA-2022-0190 Updated python-django packages fix security vulnerability
Potential SQL injection in QuerySet.annotate, aggregate, and extra CVE-2022-28346 Potential SQL injection via QuerySet.explainoptions on PostgreSQL QuerySet.explain CVE-2022-28347...
ROS-20220516-04
Vulnerability of QuerySet.explain function of Django web application software platform is related to failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker, acting remotely, to affect the confidentiality, integrity and availability o...
Exploit for SQL Injection in Djangoproject Django
CVE-2022-28346 PoC Impact: - Potential SQL injection in Q...
OESA-2022-1642 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column...
Exploit for SQL Injection in Djangoproject Django
CVE-2022-28346 Django QuerySet.annotate, aggregate, extr...
Django SQL Injection Vulnerability (CNVD-2022-31837)
Django is the Django Foundation's set of open source web application framework based on the Python language . The framework includes an object-oriented mapper, view system, template system, etc. Django version 2.2.28 before version 2.2, version 3.2.13 before version 3.2, and version 4.0.4 before...
Django SQL Injection Vulnerability (CNVD-2022-31838)
Django is the Django Foundation's set of open source web application framework based on the Python language . The framework includes an object-oriented mapper, view system, template system, etc. Django version 2.2.28 before version 2.2, version 3.2.13 before version 3.2, and version 4.0.4 before...
SQL Injection
django is vulnerable to SQL Injection. The vulnerability exists due to a lack of sanitization of input via the QuerySet.explain allowing an attacker to inject malicious query via the options argument...
SQL Injection
django is vulnerable to SQL injection. The library directly passes the user input directly to the QuerySet.annotate, aggregate, and extra methods, allowing an attacker to inject malicious SQL query in column aliases via a malicious dictionary as the passed kwargs...
GHSA-W24H-V9QH-8GXJ SQL Injection in Django
A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...
SQL Injection in Django
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...
CVE-2022-28347
A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...
DEBIAN-CVE-2022-28347
A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...
CVE-2022-28346
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...
CVE-2022-28346
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...
DEBIAN-CVE-2022-28346
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...
Sql injection
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...
Sql injection
A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...
PYSEC-2022-191
A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...
PYSEC-2022-191
A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...