Description
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.
| Release | Status | Note |
|---|---|---|
| bionic | released | 1:1.11.11-1ubuntu1.8 |
| devel | released | 2:2.2.10-1ubuntu1 |
| eoan | released | 1:1.11.22-1ubuntu1.3 |
| esm-infra-legacy/trusty | not-affected | |
| esm-infra/bionic | not-affected | 1:1.11.11-1ubuntu1.8 |
| esm-infra/xenial | not-affected | 1.8.7-1ubuntu5.12 |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | not-affected | |
| upstream | released | 2.2.11, 1.11.29 |
EPSS
CVSS2: 6.5 Medium
CVSS3: 8.8 High
Related vulnerabilities
Vulnerability in the Django library for the Python programming language that allows an attacker to execute arbitrary code