python-django: Potential SQL injection in QuerySet.values() and values_list()

A flaw was found in Django. The QuerySet.values and QuerySet.valueslist methods on models with a JSONField were subject to SQL injection in column aliases via a crafted JSON object key as a passed arg...

Django SQL注入漏洞

Django is a set of open source web application framework based on Python language from Django Foundation. The framework includes an object-oriented mapper, view system, template system, and more. An SQL injection vulnerability exists in Django versions prior to 5.0 to 5.0.8 and 4.2 to 4.2.15, whi...