AVG-1111 log

Package python-django
Status Fixed
Severity Medium
Type sql injection
Affected 3.0.3-1
Fixed 3.0.4-1
Current 3.1.1-1 [extra]
Ticket None
Created Fri Mar 6 09:04:40 2020
Issue Severity Remote Type Description
CVE-2020-9402 Medium Yes Sql injection
A potential SQL injection has been found in Django before 3.0.4, via tolerance parameter in GIS functions and aggregates on Oracle.
Date Advisory Package Description
08 Mar 2020 ASA-202003-5 python-django sql injection
References
https://docs.djangoproject.com/en/dev/releases/3.0.4/
https://www.openwall.com/lists/oss-security/2020/03/04/1
https://www.djangoproject.com/weblog/2020/mar/04/security-releases/