Description
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.
A flaw was found in Django, where it may allow SQL injection if improperly sanitized data is used as a StringAgg delimiter. If a suitably crafted delimiter is passed to a 'contrib.postgres.aggregates.StringAgg' instance, it is possible to break escaping and inject malicious SQL. An attacker could use this flaw to cause a denial of service, information disclosure, or privilege escalation.
Report
Even though the version of python-django shipped in Red Hat Update Infrastructure contains the vulnerable code, the product is not vulnerable because the vulnerable function is not used. Red Hat Update Infrastructure is based on Pulp 2, which still uses MongoDB as its database rather than PostgreSQL, where the flaw lies. Although Red Hat OpenStack Platform 13, 15, and 16 contain the vulnerable code, PostgreSQL is not a supported database, hence the lowered impact. Satellite 6 versions include a vulnerable version of python-django; however, the vulnerability is not directly exposed through code, since the product does not use the 'StringAgg' delimiter implementation. This issue may be fixed in future updates. Red Hat Update Infrastructure 3 is in the Maintenance Support phase, and the product is only fixing Critical or Important impact flaws. Please refer to the lifecycle page for more details: https://access.redhat.com/support/policy/updates/rhui
Affected packages
Platform | Package | State | Advisory | Release
---|---|---|---|---
Red Hat Ceph Storage 2 | python-django | Out of support scope | |
Red Hat Ceph Storage 3 | python-django | Not affected | |
Red Hat Certification for Red Hat Enterprise Linux 7 | python-django | Not affected | |
Red Hat OpenStack Platform 10 (Newton) | python-django | Out of support scope | |
Red Hat OpenStack Platform 13 (Queens) | python-django | Fix deferred | |
Red Hat OpenStack Platform 15 (Stein) | python-django | Fix deferred | |
Red Hat OpenStack Platform 16 (Train) | python-django | Fix deferred | |
Red Hat Satellite 6 | python-django | Fix deferred | |
Red Hat Storage 3 | python-django | Affected | |
Red Hat Update Infrastructure 3 for Cloud Providers | python-django | Will not fix | |
Additional information
Status: 9.8 Critical (CVSS3)
Related vulnerabilities
A vulnerability in the contrib.postgres.aggregates.StringAgg component of the Django web application framework, caused by a failure to protect the structure of the SQL query, allows an attacker to gain access to confidential data, violate its integrity, and cause a denial of service.
9.8 Critical (CVSS3)