AVG-2667 log

Package python-django
Status Fixed
Severity High
Type SQL injection
Affected 4.0.3-1
Fixed 4.0.4-1
Current 4.0.6-1 [extra]
Ticket None
Created Tue Apr 12 18:37:40 2022
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2022-28347 | High | Yes | SQL injection | QuerySet.explain() method was subject to SQL injection in option names, using a suitably crafted dictionary, with dictionary expansion, as the **options argument. |
| CVE-2022-28346 | High | Yes | SQL injection | QuerySet.annotate(), aggregate(), and extra() methods were subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary... |

| Date | Advisory | Package | Type |
|---|---|---|---|
| 12 Apr 2022 | ASA-202204-9 | python-django | SQL injection |