AVG-2788 log
Package | python-django |
Status | Fixed |
Severity | High |
Type | sql injection |
Affected | 4.0.5-1 |
Fixed | 4.0.6-1 |
Current | 5.1.4-1 [extra] |
Ticket | None |
Created | Thu Jul 28 20:16:07 2022 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2022-34265 | High | Yes | Sql injection | Trunc() and Extract() database functions were subject to SQL injection if untrusted data was used as a kind/lookup_name value |
References |
---|
https://www.djangoproject.com/weblog/2022/jul/04/security-releases/ |