CVE-2022-28347 log

Severity High
Remote Yes
Type Sql injection
QuerySet.explain() method was subject to SQL injection in option names, using a suitably crafted dictionary, with dictionary expansion, as the **options argument.
Group Package Affected Fixed Severity Status Ticket
AVG-2667 python-django 4.0.3-1 4.0.4-1 High Fixed
Date Advisory Group Package Severity Type
12 Apr 2022 ASA-202204-9 AVG-2667 python-django High sql injection