Security fix for the ALT Linux 10 package python3-module-django version 2.2.12-alt1

April 12, 2020 Alexey Shabalin 2.2.12-alt1 - 2.2.12 - Fixes for the following security vulnerabilities: + CVE-2019-19118 Privilege escalation in the Django admin. + CVE-2019-19844 Potential account hijack via password reset form + CVE-2020-7471 Potential SQL injection via StringAggdelimiter +...

Security fix for the ALT Linux 9 package python3-module-django version 2.2.12-alt1

April 12, 2020 Alexey Shabalin 2.2.12-alt1 - 2.2.12 - Fixes for the following security vulnerabilities: + CVE-2019-19118 Privilege escalation in the Django admin. + CVE-2019-19844 Potential account hijack via password reset form + CVE-2020-7471 Potential SQL injection via StringAggdelimiter +...

[ASA-202003-5] python-django: sql injection

Arch Linux Security Advisory ASA-202003-5 ========================================= Severity: Medium Date : 2020-03-08 CVE-ID : CVE-2020-9402 Package : python-django Type : sql injection Remote : Yes Link : https://security.archlinux.org/AVG-1111 Summary ======= The package python-django before...

PYSEC-2020-345

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escapi...

Sql injection

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escapi...

CVE-2020-9402

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escapi...

CVE-2020-9402

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escapi...

CVE-2020-9402

A SQL-injection flaw was found in python-django, where GIS functions and aggregates in Oracle did not correctly neutralize tolerance-parameter data. A remote attacker could use this flaw to submit crafted data to inject malicious SQL. Mitigation There is no known mitigation for this issue, the fl...

USN-4296-1: Django vulnerability

Norbert Szetei discovered that Django incorrectly handled the GIS functions and aggregates on Oracle. A remote attacker could possibly use this issue to perform an SQL injection attack...

UBUNTU-CVE-2020-9402

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escapi...

Django -- potential SQL injection vulnerability

MITRE CVE reports: Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was...