29 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000178)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000178 advisory. An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values and valueslist methods on models with a JSONField are subject to SQL...
Internet Bug Bounty: CVE-2024-53908: Django Potential SQL injection in `HasKey(lhs, rhs)` on Oracle
CVE-2024-53908: Django potential SQL injection in HasKeylhs, rhs on Oracle was reported. The vulnerability was found in the direct usage of the django.db.models.fields.json.HasKey lookup on Oracle databases when untrusted data was used as an lhs value. Applications that used the jsonfield.haskey...
CVE-2024-53908
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. Applications that use the...
Internet Bug Bounty: CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list()
CVE-2024-42005: Potential SQL injection in QuerySet.values and valueslist A vulnerability was discovered in Django where the QuerySet.values and valueslist methods on models with a JSONField were subject to SQL injection in column aliases via a crafted JSON object key as a passed argument...
SQL Injection
Django is vulnerable to SQL injection. The vulnerability is due to the QuerySet.values and valueslist functions on models with a JSONField, allowing attackers to manipulate SQL queries in column aliases via a crafted JSON object key passed as an argument...
BIT-DJANGO-2024-42005
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values and valueslist methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed arg...
CVE-2024-42005
A flaw was found in Django. The QuerySet.values and QuerySet.valueslist methods on models with a JSONField were subject to SQL injection in column aliases via a crafted JSON object key as a passed arg. Mitigation Mitigation for this issue is either not available or the currently available options...
Django SQL injection vulnerability
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values and valueslist methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed arg...
CVE-2024-42005
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values and valueslist methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed arg...
CVE-2024-42005
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values and valueslist methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed arg...
CVE-2024-42005
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values and valueslist methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed arg...
CVE-2024-42005
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values and valueslist methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed arg...
CVE-2024-42005
The CVE-2024-42005 vulnerability affects Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The issue is a SQL injection in QuerySet.values() and values_list() when models use a JSONField, exploitable via a crafted JSON object key passed as an argument to the method. The problem arises in the handlin...
CVE-2024-42005
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values and valueslist methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed arg...
Moderate: Red Hat Security Advisory: python-django security update
An update for python-django is now available for Red Hat OpenStack Platform 15 Stein. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2019-14234
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to...
SQL Injection in Django
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to...
CVE-2019-14234
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to...
CVE-2019-14234
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to...
DEBIAN-CVE-2019-14234
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to...