CVE-2020-9402 - log

CVE-2020-9402 edited at 06 Mar 2020 09:06:14
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Sql injection
Description
+ A potential SQL injection has been found in Django before 3.0.4, via tolerance parameter in GIS functions and aggregates on Oracle.
References
+ https://www.djangoproject.com/weblog/2020/mar/04/security-releases/
+ https://github.com/django/django/commit/26a5cf834526e291db00385dd33d319b8271fc4c
Notes
CVE-2020-9402 created at 06 Mar 2020 09:04:40