Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2022-28347 - log back

CVE-2022-28347 edited at 12 Apr 2022 18:55:40

References

	https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
+	https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81
+	https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402
+	https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d
+	https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5

CVE-2022-28347 created at 12 Apr 2022 18:36:27

Severity

+

High

Remote

+

Remote

Type

+	Sql injection

Description

+	QuerySet.explain() method was subject to SQL injection in option names, using a suitably crafted dictionary, with dictionary expansion, as the **options argument.

References

+	https://www.djangoproject.com/weblog/2022/apr/11/security-releases/

Notes