21 matches found
SUSE CVE-2020-7471
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitably crafted delimiter...
Exploit for SQL Injection in Djangoproject Django
CVE-2020-7471-PoC Django PoC for the SQL injection vulnerabi...
Exploit for SQL Injection in Djangoproject Django
DOBBYISFREE! - 출제된 CTF: 2020 Christmas CTFhttps://dreamh...
Fedora: Security Advisory for python-django (FEDORA-2020-c2639662af)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for python-django (FEDORA-2020-2e7d30f7aa)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 31 : python-django (2020-2e7d30f7aa)
Security fix for CVE-2020-7471. - Security fix for CVE-2020-9402. - Security fix for CVE-2020-13254. - Security fix for CVE-2020-13596. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...
Fedora 32 : python-django (2020-c2639662af)
Security fix for CVE-2020-7471. - Security fix for CVE-2020-9402. - Security fix for CVE-2020-13254. - Security fix for CVE-2020-13596. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...
GLSA-202004-17 : Django: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202004-17 Django: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Django. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by sending specially crafted input,...
Security fix for the ALT Linux 9 package python3-module-django version 2.2.12-alt1
April 12, 2020 Alexey Shabalin 2.2.12-alt1 - 2.2.12 - Fixes for the following security vulnerabilities: + CVE-2019-19118 Privilege escalation in the Django admin. + CVE-2019-19844 Potential account hijack via password reset form + CVE-2020-7471 Potential SQL injection via StringAggdelimiter +...
Exploit for SQL Injection in Djangoproject Django
CVE-2020-7471 这个仓库提供 CVE-2020-7471 Potential SQL injection via StringAggdelimiter 漏洞的环境和 POC 受影响的 django 版本 - 1.11 到 1.11.28(不含) - 2.2 到 2.2.10(不含) - 3.0 到 3.0.3(不含) 下载使用前需要如下操作: 1. 安装 django 漏洞版本,我测试用的是 python pip install django==3.0.2 -i https://pypi.tuna.tsinghua.edu.cn/simple 2. 参考...
Exploit for SQL Injection in Djangoproject Django
CVE-2020-7471 This repository provides environments and P...
Debian DSA-4629-1 : python-django - security update
Simon Charette discovered that Django, a high-level Python web development framework, did not properly handle input in its PostgreSQL module. A remote attacker could leverage this to perform SQL injection attacks. C Tenable Network Security, Inc. The descriptive text and package checks in this...
Debian: Security Advisory (DSA-4629-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 4629-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4629-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 19, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4629-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4629-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 19, 2020 https://www.debian.org/security/faq -...
allianceauth (>=2.1.0 <=2.1.1), beanstalk-dispatch (>=0.0.3 <=0.0.5) +229 more potentially affected by CVE-2020-7471 via django (>=2.0.0 <=2.2.1)
django PYPI version =2.0.0, =2.1.0, =0.0.3, =0.1.0, =0.1.0, =0.1.0, =0.5.0, =3.0.0, =2.1.0, =0.0.1, =0.0.29 - dj-nexmo =0.0.2 and more Source cves: CVE-2020-7471 Source advisory: OSV:GHSA-HMR4-M2H5-33QX...
Django 1.11.x < 1.11.28, 2.2.x < 2.2.10, 3.0.x < 3.0.3 SQL Injection Vulnerability - Linux
Django is prone to an SQL injection vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django"; if...
CVE-2020-7471
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitably crafted delimiter...
capreolus (>=0.1.0 <=0.1.1), django-basic-auth-ip-whitelist (=0.2.0) +18 more potentially affected by CVE-2020-7471 via django (>=2.2.0 <=2.2.1)
django PYPI version =2.2.0, =0.1.0, =0.0.1, =0.0.1, =0.0.1, =0.0.2, =0.0.16 - ibm-db-django =1.3.0.0 - irekua-database =0.1.0 and more Source cves: CVE-2020-7471 Source advisory: OSV:PYSEC-2020-35...
argus-server (>=1.0.0 <=1.1.1), ariadne-extended (>=0.1.0 <=0.1.12) +152 more potentially affected by CVE-2020-7471 via django (>=3.0.0 <=3.0.2)
django PYPI version =3.0.0, =1.0.0, =0.1.0, =0.1.3, =0.18.0, =0.3.0, =2.8.0, =0.1.1, =0.0.1, =0.4.0, =3.0.1, =3.0.2 and more Source cves: CVE-2020-7471 Source advisory: OSV:PYSEC-2020-35...