Описание
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
A flaw was found in Django. The QuerySet.values() and QuerySet.values_list() methods on models with a JSONField were subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
Отчет
This vulnerability is considered of moderate severity rather than high or critical because it requires specific conditions to be exploitable. The potential for SQL injection exists only when QuerySet.values() or values_list() methods are used on models with a JSONField, and an attacker must have control over the JSON object keys passed as arguments. In typical use cases, these methods are often used with predefined or controlled data, limiting the attack surface. Furthermore, the impact is constrained to the manipulation of column aliases, rather than direct injection into more critical parts of the SQL query, reducing the overall risk compared to more direct forms of SQL injection vulnerabilities.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-dellemc-openmanage-rhel8 | Not affected | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/lightspeed-rhel8 | Affected | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/platform-resource-runner-rhel8 | Not affected | ||
| Red Hat Certification for Red Hat Enterprise Linux 8 | redhat-certification | Affected | ||
| Red Hat Certification for Red Hat Enterprise Linux 9 | redhat-certification | Affected | ||
| Discovery 1 for RHEL 9 | discovery/discovery-server-rhel9 | Fixed | RHSA-2025:1249 | 10.02.2025 |
| Discovery 1 for RHEL 9 | discovery/discovery-ui-rhel9 | Fixed | RHSA-2025:1249 | 10.02.2025 |
| Red Hat Ansible Automation Platform 2.4 for RHEL 8 | automation-controller | Fixed | RHSA-2024:6428 | 05.09.2024 |
| Red Hat Ansible Automation Platform 2.4 for RHEL 8 | python3x-django | Fixed | RHSA-2024:6428 | 05.09.2024 |
| Red Hat Ansible Automation Platform 2.4 for RHEL 9 | automation-controller | Fixed | RHSA-2024:6428 | 05.09.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.3 High
CVSS3
Связанные уязвимости
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ...
Уязвимость методов QuerySet.values() и values_list() моделей JSONField программной платформы для веб-приложений Django, позволяющая нарушителю выполнить произвольный код
EPSS
7.3 High
CVSS3