Описание
An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB).
A flaw was found in Django. A couple of QuerySet methods are subject to SQL injection in column aliases, using a suitably crafted dictionary.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Service Mesh 3 | openshift-service-mesh/istio-cni-rhel9 | Not affected | ||
| OpenShift Service Mesh 3 | openshift-service-mesh/istio-must-gather-rhel9 | Not affected | ||
| OpenShift Service Mesh 3 | openshift-service-mesh/istio-pilot-rhel9 | Not affected | ||
| OpenShift Service Mesh 3 | openshift-service-mesh/istio-proxyv2-rhel9 | Affected | ||
| OpenShift Service Mesh 3 | openshift-service-mesh/istio-rhel9-operator | Not affected | ||
| OpenShift Service Mesh 3 | openshift-service-mesh/istio-sail-operator-bundle | Not affected | ||
| OpenShift Service Mesh 3 | openshift-service-mesh-tech-preview/istio-ztunnel-rhel9 | Not affected | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/lightspeed-rhel8 | Not affected | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-25/ansible-dev-tools-rhel8 | Not affected | ||
| Red Hat Ansible Automation Platform 2 | automation-controller | Not affected |
Показывать по
Дополнительная информация
Статус:
8.1 High
CVSS3
Связанные уязвимости
An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB).
An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB).
An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13 ...
Django vulnerable to SQL injection in column aliases
Уязвимость методов QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() программной платформы для веб-приложений Django, позволяющая нарушителю оказать влияние на конфиденциальность и целостность защищаемой информации
8.1 High
CVSS3