CVE-2020-9402 log

Source
Severity Medium
Remote Yes
Type Sql injection
Description
A potential SQL injection has been found in Django before 3.0.4, via tolerance parameter in GIS functions and aggregates on Oracle.
Group Package Affected Fixed Severity Status Ticket
AVG-1111 python-django 3.0.3-1 3.0.4-1 Medium Fixed
Date Advisory Group Package Severity Description
08 Mar 2020 ASA-202003-5 AVG-1111 python-django Medium sql injection
References
https://www.djangoproject.com/weblog/2020/mar/04/security-releases/
https://github.com/django/django/commit/26a5cf834526e291db00385dd33d319b8271fc4c