13 matches found
SUSE CVE-2020-9402
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escapi...
Moderate: Red Hat Security Advisory: Satellite 6.9 Release
An update is now available for Red Hat Satellite 6.9 for RHEL 7. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fixes: foreman:...
Fedora: Security Advisory for python-django (FEDORA-2020-c2639662af)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for python-django (FEDORA-2020-2e7d30f7aa)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 31 : python-django (2020-2e7d30f7aa)
Security fix for CVE-2020-7471. - Security fix for CVE-2020-9402. - Security fix for CVE-2020-13254. - Security fix for CVE-2020-13596. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...
Fedora 32 : python-django (2020-c2639662af)
Security fix for CVE-2020-7471. - Security fix for CVE-2020-9402. - Security fix for CVE-2020-13254. - Security fix for CVE-2020-13596. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...
[SECURITY] [DSA 4705-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4705-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 18, 2020 https://www.debian.org/security/faq -...
GLSA-202004-17 : Django: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202004-17 Django: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Django. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by sending specially crafted input,...
Security fix for the ALT Linux 9 package python3-module-django version 2.2.12-alt1
April 12, 2020 Alexey Shabalin 2.2.12-alt1 - 2.2.12 - Fixes for the following security vulnerabilities: + CVE-2019-19118 Privilege escalation in the Django admin. + CVE-2019-19844 Potential account hijack via password reset form + CVE-2020-7471 Potential SQL injection via StringAggdelimiter +...
ambition-edc (>=0.3.68 <=0.3.72), caluma (>=5.2.1 <=5.3.1) +28 more potentially affected by CVE-2020-9402 via django (>=2.2.0 <=2.2.10)
django PYPI version =2.2.0, =0.3.68, =5.2.1, =0.1.0, =0.0.1, =0.0.1, =0.0.1, =0.0.26 - django-smorest =0.1.3 - djangorestframework-simplejwt-captcha =1.1.4 - djpub =0.0.1 and more Source cves: CVE-2020-9402 Source advisory: OSV:PYSEC-2020-345...
ambition-edc (>=0.3.68 <=0.3.72), caluma (>=5.2.1 <=5.3.1) +28 more potentially affected by CVE-2020-9402 via django (>=2.2.0 <=2.2.10)
django PYPI version =2.2.0, =0.3.68, =5.2.1, =0.1.0, =0.0.1, =0.0.1, =0.0.1, =0.0.26 - django-smorest =0.1.3 - djangorestframework-simplejwt-captcha =1.1.4 - djpub =0.0.1 and more Source cves: CVE-2020-9402 Source advisory: OSV:PYSEC-2020-36...
admindjango-ckeditor-blog (=0.1.0), aiida-core (=1.0.0) +53 more potentially affected by CVE-2020-9402 via django (>=1.11.0 <=1.11.28)
django PYPI version =1.11.0, =0.2.0.dev20181221, =0.28.0, =3.1.4, =2.19.0, =0.0.19, =4.4.1, =1.0.0, =0.6.0, =0.7.2 and more Source cves: CVE-2020-9402 Source advisory: OSV:PYSEC-2020-36...
CVE-2020-9402
CVE-2020-9402 affects Django: SQL injection via a tolerance parameter in GIS functions/aggregates when using Oracle. Affected versions are Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4. The root cause is improper escaping allowing crafted tolerance to inject SQL. Remediation...