3 matches found
SUSE CVE-2020-9402
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escapi...
DEBIAN-CVE-2020-9402
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escapi...
PT-2020-5130 · Django Software Foundation +2 · Django +2
Name of the Vulnerable Software and Affected Versions: Django versions 1.11 before 1.11.29 Django versions 2.2 before 2.2.11 Django versions 3.0 before 3.0.4 Description: The issue allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. B...