AVG-2667 log
Package | python-django |
Status | Fixed |
Severity | High |
Type | sql injection |
Affected | 4.0.3-1 |
Fixed | 4.0.4-1 |
Current |
5.1.4-1 [extra-testing] 5.1.2-1 [extra] |
Ticket | None |
Created | Tue Apr 12 18:37:40 2022 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2022-28347 | High | Yes | Sql injection | QuerySet.explain() method was subject to SQL injection in option names, using a suitably crafted dictionary, with dictionary expansion, as the **options argument. |
CVE-2022-28346 | High | Yes | Sql injection | QuerySet.annotate(), aggregate(), and extra() methods were subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary... |
Date | Advisory | Package | Type |
---|---|---|---|
12 Apr 2022 | ASA-202204-9 | python-django | sql injection |