CVE-2019-14234 log

Source
Severity Medium
Remote Yes
Type Sql injection
Description
Key and index lookups for JSONField and key lookups for HStoreField were subject to SQL injection, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to QuerySet.filter().
Group Package Affected Fixed Severity Status Ticket
AVG-1015 python-django 2.2.3-1 2.2.4-1 Medium Fixed
AVG-1014 python2-django 1.11.22-1 1.11.23-1 Medium Fixed
Date Advisory Group Package Severity Description
05 Aug 2019 ASA-201908-3 AVG-1014 python2-django Medium multiple issues
05 Aug 2019 ASA-201908-2 AVG-1015 python-django Medium multiple issues
References
https://github.com/django/django/commit/7deeabc7c7526786df6894429ce89a9c4b614086