ASA-202002-1 log original external raw

[ASA-202002-1] python-django: sql injection
Arch Linux Security Advisory ASA-202002-1 ========================================= Severity: Medium Date : 2020-02-03 CVE-ID : CVE-2020-7471 Package : python-django Type : sql injection Remote : Yes Link : Summary ======= The package python-django before version 3.0.3-1 is vulnerable to sql injection. Resolution ========== Upgrade to 3.0.3-1. # pacman -Syu "python-django>=3.0.3-1" The problem has been fixed upstream in version 3.0.3. Workaround ========== None. Description =========== django.contrib.postgres.aggregates.StringAgg aggregation function was subject to SQL injection, using a suitably crafted delimiter. Impact ====== A remote attacker is able to perform a SQL injection using a specially crafted request. References ==========