Описание
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.
Отчет
This issue affects the versions of python-django as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and 3, as it contains the vulnerable code. This issue affects Red Hat Update Infrastructure for Cloud Providers, but the vulnerable functions in python-django are currently not used in any part of the Product. This issue does not affect Red Hat Satellite as the vulnerable functions in python-django are not used. Red Hat OpenStack Platform:
- This issue affects all versions of python-django shipped with Red Hat Openstack Platform versions 9-15, as it contains the vulnerable code. However, the version of python-django shipped with Red Hat Openstack Platform versions 9 & 10 do not contain the code for JSONFields.
- Because the flaw's impact is Medium, it will not be fixed in Red Hat Openstack Platform 9 which is retiring on 8/24.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | calamari-server | Not affected | ||
| Red Hat Ceph Storage 2 | python-django | Affected | ||
| Red Hat Ceph Storage 3 | python-django | Affected | ||
| Red Hat Certification for Red Hat Enterprise Linux 7 | python-django | Affected | ||
| Red Hat OpenStack Platform 10 (Newton) | python-django | Will not fix | ||
| Red Hat OpenStack Platform 14 (Rocky) | python-django | Out of support scope | ||
| Red Hat OpenStack Platform 9 (Mitaka) | python-django | Will not fix | ||
| Red Hat OpenStack Platform 9 (Mitaka) Operational Tools | python-django | Will not fix | ||
| Red Hat Satellite 6 | python-django | Not affected | ||
| Red Hat Storage 3 | python-django | Affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ...
Уязвимость функций django.contrib.postgres.fields.HStoreField и django.contrib.postgres.fields.JSONField фреймворка Django, связанная с отсутствием мер по защите структуры запроса SQL, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании
EPSS
5.3 Medium
CVSS3