CVE-2022-28347 log

Source
Severity High
Remote Yes
Type Sql injection
Description
QuerySet.explain() method was subject to SQL injection in option names, using a suitably crafted dictionary, with dictionary expansion, as the **options argument.
Group Package Affected Fixed Severity Status Ticket
AVG-2667 python-django 4.0.3-1 4.0.4-1 High Fixed
Date Advisory Group Package Severity Type
12 Apr 2022 ASA-202204-9 AVG-2667 python-django High sql injection
References
https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81
https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402
https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d 
https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5