exploitDog

SUSE-SU-2025:03074-1

Published: 04 Sept 2025
Source: suse-cvrf

Description

Security update for python-Django

This update for python-Django fixes the following issues:

  • CVE-2025-57833: Fixed potential SQL injection in FilteredRelation column aliases (bsc#1248810)

Package list

SUSE Linux Enterprise Module for Package Hub 15 SP6
python311-Django-4.2.11-150600.3.30.1
SUSE Linux Enterprise Module for Package Hub 15 SP7
python311-Django-4.2.11-150600.3.30.1
openSUSE Leap 15.6
python311-Django-4.2.11-150600.3.30.1

Description

An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases when a suitably crafted dictionary, expanded with ** as the kwargs passed to QuerySet.annotate() or QuerySet.alias(), supplies the alias names.
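
The two checks a practitioner wants from this description, as an added example that is not part of the SUSE advisory or of Django's own code: a version-range test built from the fixed releases named above, and an application-side guard for the pattern the description refers to, where a caller-controlled dict is expanded as **kwargs into annotate()/alias() and its keys become SQL column aliases. The block imports nothing from Django so it runs anywhere; the annotate()/alias() calls appear only in comments. The function names, the identifier regex and the sample inputs are this example's own assumptions; the rejected character classes (whitespace, quotation marks, semicolons, SQL comment markers) mirror what Django's existing alias check refuses for annotation names, but the implementation here is independent.

```python
"""Pre-checks for CVE-2025-57833 (example code, not Django's or SUSE's)."""
import re

# Fixed releases exactly as the advisory text states them:
# "4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6".
FIXED_RELEASES = {
    (4, 2): (4, 2, 24),
    (5, 1): (5, 1, 12),
    (5, 2): (5, 2, 6),
}


def parse_version(version):
    """Turn '4.2.11' (or '5.2.6rc1') into an int tuple, dropping pre-release tags."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised Django version: {version!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_django_affected(version):
    """True/False for the series the advisory covers; None for a series it does not
    name (e.g. 5.0), because 'not listed' is not the same as 'fixed'."""
    v = parse_version(version)
    fixed = FIXED_RELEASES.get(v[:2])
    if fixed is None:
        return None
    return v < fixed


# Allowlist shape of an unquoted SQL identifier: the safer primary check.
IDENTIFIER_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

# Denylist kept alongside only so rejections carry a readable reason.
FORBIDDEN = {
    "whitespace": re.compile(r"\s"),
    "quotation mark": re.compile(r"[\"'`]"),
    "semicolon": re.compile(r";"),
    "SQL comment": re.compile(r"--|/\*|\*/"),
}


def alias_problem(alias):
    """Return None if `alias` is safe to use as a column alias, else a reason."""
    if not isinstance(alias, str) or not alias:
        return "empty or non-string alias"
    for name, pattern in FORBIDDEN.items():
        if pattern.search(alias):
            return f"contains {name}"
    if not IDENTIFIER_RE.match(alias):
        return "not a plain identifier"
    return None


def validate_aliases(user_kwargs, allowed=None):
    """Return a dict that is safe to expand as **kwargs; raise on the first bad key.

    `allowed`, when given, is the set of alias names the application expects,
    which is the strongest guard: the client chooses among names, not the names.
    """
    clean = {}
    for alias, expression in user_kwargs.items():
        problem = alias_problem(alias)
        if problem:
            raise ValueError(f"rejected alias {alias!r}: {problem}")
        if allowed is not None and alias not in allowed:
            raise ValueError(f"rejected alias {alias!r}: not in allowlist")
        clean[alias] = expression
    return clean


def demo():
    # Constructed inputs standing in for request-derived dicts whose values
    # would be FilteredRelation(...) objects in a real view.
    good = {"recent_books": "FilteredRelation('book', condition=...)"}
    crafted = {'alias";--': "FilteredRelation('book', condition=...)"}

    # Vulnerable pattern (keys straight from the client):
    #     Author.objects.annotate(**crafted)
    # Hardened pattern (keys validated, ideally against an allowlist):
    #     Author.objects.annotate(**validate_aliases(good, allowed={"recent_books"}))
    accepted = validate_aliases(good, allowed={"recent_books"})
    try:
        validate_aliases(crafted)
        rejected = None
    except ValueError as exc:
        rejected = str(exc)
    return accepted, rejected


if __name__ == "__main__":
    print(is_django_affected("4.2.11"), is_django_affected("4.2.24"))
    print(demo())
```

One caveat when using the version check against this advisory's packages: SUSE ships the fix as a backport, so `python311-Django-4.2.11-150600.3.30.1` still reports upstream version 4.2.11 and `is_django_affected("4.2.11")` returns True for a patched host. On SUSE, compare the full package release (`rpm -q python311-Django`) with the version listed above, or look for the bsc#1248810 entry in `rpm -q --changelog python311-Django`, rather than trusting the upstream version string alone.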


Affected products
SUSE Linux Enterprise Module for Package Hub 15 SP6:python311-Django-4.2.11-150600.3.30.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python311-Django-4.2.11-150600.3.30.1
openSUSE Leap 15.6:python311-Django-4.2.11-150600.3.30.1

References