177 matches found
CVE-2022-28346
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...
CVE-2022-28347
A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...
[ASA-202204-9] python-django: sql injection
Arch Linux Security Advisory ASA-202204-9 ========================================= Severity: High Date : 2022-04-12 CVE-ID : CVE-2022-28346 CVE-2022-28347 Package : python-django Type : sql injection Remote : Yes Link : https://security.archlinux.org/AVG-2667 Summary ======= The package...
CVE-2022-28347
A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...
CVE-2022-28346
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...
CVE-2022-28347
A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...
USN-5373-2 python-django vulnerabilities
USN-5373-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Django incorrectly handled certain certain column aliases in the QuerySet.annotate, aggregate, and extra...
USN-5373-1: Django vulnerabilities
It was discovered that Django incorrectly handled certain certain column aliases in the QuerySet.annotate, aggregate, and extra methods. A remote attacker could possibly use this issue to perform an SQL injection attack. CVE-2022-28346 It was discovered that Django incorrectly handled certain...
CVE-2022-28347
A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...
UBUNTU-CVE-2022-28346
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...
CVE-2022-28346
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...
UBUNTU-CVE-2022-28347
A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...
Django SQL注入漏洞
Django is the Django Foundation's set of open source web application framework based on the Python language . The framework includes an object-oriented mapper, view system, template system, etc. Django version 2.2.28 before version 2.2, version 3.2.13 before version 3.2, and version 4.0.4 before...
Django SQL注入漏洞
Django is the Django Foundation's set of open source web application framework based on the Python language . The framework includes an object-oriented mapper, view system, template system, etc. Django version 2.2.28 before version 2.2, version 3.2.13 before version 3.2, and version 4.0.4 before...
Django -- multiple vulnerabilities
Django Release reports: CVE-2022-28346: Potential SQL injection in QuerySet.annotate, aggregate, and extra. CVE-2022-28347: Potential SQL injection via QuerySet.explainoptions on PostgreSQL...
[SECURITY] Fedora 34 Update: python-django-filter-21.1-1.fc34
Django-filter is a reusable Django application for allowing users to filter querysets dynamically...
GHSA-XPFP-F569-Q3P2 SQL Injection in Django
Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.orderby SQL injection if orderby is untrusted input from a client of a web application...
SQL Injection in Django
Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.orderby SQL injection if orderby is untrusted input from a client of a web application...
SQL Injection
django is vulnerable to SQL injection. An attacker is able to inject malicious query via QuerySet.orderby...
[ASA-202107-11] python-django: insufficient validation
Arch Linux Security Advisory ASA-202107-11 ========================================== Severity: High Date : 2021-07-03 CVE-ID : CVE-2021-35042 Package : python-django Type : insufficient validation Remote : Yes Link : https://security.archlinux.org/AVG-2123 Summary ======= The package python-djan...