Описание
A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.
A flaw was found in the Django package, leading to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely.
Отчет
Red Hat OpenStack does ship the affected version of Django. However, the product is not vulnerable since it does not implement the vulnerable method QuerySet.explain() introduced in Django 2.1.x onward.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 3 | graphite-web | Affected | ||
| Red Hat Discovery 1 | discovery-server-container | Affected | ||
| Red Hat OpenStack Platform 13 (Queens) | python-django | Affected | ||
| Red Hat OpenStack Platform 16.1 | python-django | Affected | ||
| Red Hat OpenStack Platform 16.2 | python-django | Affected | ||
| Red Hat Satellite 6 | python3-django | Affected | ||
| Red Hat Storage 3 | graphite-web | Affected | ||
| Red Hat Update Infrastructure 4 for Cloud Providers | python-django-guardian | Affected | ||
| Red Hat Update Infrastructure 4 for Cloud Providers | python-drf-nested-routers | Affected | ||
| Red Hat Ansible Automation Platform 2.1 for RHEL 8 | automation-controller | Fixed | RHSA-2022:5702 | 25.07.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
9.4 Critical
CVSS3
Связанные уязвимости
A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.
A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.
A SQL injection issue was discovered in QuerySet.explain() in Django 2 ...
Уязвимость реализации функции QuerySet.explain() программной платформы для веб-приложений Django, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
EPSS
9.4 Critical
CVSS3