Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2025-13372

Опубликовано: 02 дек. 2025
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 4.3

Описание

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to QuerySet.annotate() or QuerySet.alias() on PostgreSQL. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Stackered for reporting this issue.

РелизСтатусПримечание
devel

released

3:5.2.9-0ubuntu1
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/bionic

not-affected

code not present
esm-infra/focal

released

2:2.2.12-1ubuntu0.29+esm6
esm-infra/xenial

not-affected

code not present
jammy

released

2:3.2.12-2ubuntu1.24
noble

released

3:4.2.11-1ubuntu1.13
plucky

released

3:4.2.18-1ubuntu1.7
questing

released

3:5.2.4-1ubuntu2.2
upstream

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 1%
0.00011
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2025-13372

CVSS3: 4.3
redhat
4 месяца назад

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. `FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Stackered for reporting this issue.

nvd логотип

CVE-2025-13372

CVSS3: 4.3
nvd
4 месяца назад

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. `FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Stackered for reporting this issue.

debian логотип

CVE-2025-13372

CVSS3: 4.3
debian
4 месяца назад

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4. ...

github логотип

GHSA-rqw2-ghq9-44m7

CVSS3: 4.3
github
4 месяца назад

Django is vulnerable to SQL injection in column aliases

fstec логотип

BDU:2026-02956

CVSS3: 4.3
fstec
4 месяца назад

Уязвимость программной платформы для веб-приложений Django, связанная с непринятием мер по защите структуры запроса sql, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 1%
0.00011
Низкий

4.3 Medium

CVSS3