CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 44.5%

Django is vulnerable to SQL injection. An attacker is able to execute arbitrary SQL commands via the Trunc() and Extract() database functions.

docs.djangoproject.com/en/4.0/releases/security/
github.com/django/django/commit/0dc9c016fadb71a067e5a42be30164e3f96c0492
github.com/django/django/commit/284b188a4194e8fa5d72a73b09a869d7dd9f0dc5
github.com/django/django/commit/a9010fe5555e6086a9d9ae50069579400ef0685e
groups.google.com/forum/#!forum/django-announce
groups.google.com/g/django-announce
lists.fedoraproject.org/archives/list/[email protected]/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/
lists.fedoraproject.org/archives/list/[email protected]/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/
security.netapp.com/advisory/ntap-20220818-0006/
www.debian.org/security/2022/dsa-5254
www.djangoproject.com/weblog/2022/jul/04/security-releases/