Django is a free web application framework written in Python that uses the MVC design pattern
Release cycle, vulnerability information
Release schedule
Count: 673
GHSA-9v8h-57gv-qch6
Django vulnerable to Denial of Service via i18n middleware component
GHSA-mwv2-398h-v489
Django Improper Access Control
GHSA-qc99-g3wm-hgxr
Django Arbitrary Code Execution
GHSA-w24h-v9qh-8gxj
SQL Injection in Django
GHSA-2gwj-7jmv-h26r
SQL Injection in Django

CVE-2022-28347
A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.

CVE-2022-28346
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.

Vulnerability | CVSS | EPSS | Published
---|---|---|---
GHSA-9v8h-57gv-qch6 Django vulnerable to Denial of Service via i18n middleware component | CVSS3: 5.9 | 2% Low | about 3 years ago
GHSA-mwv2-398h-v489 Django Improper Access Control | | 1% Low | about 3 years ago
GHSA-qc99-g3wm-hgxr Django Arbitrary Code Execution | | 1% Low | about 3 years ago
GHSA-w24h-v9qh-8gxj SQL Injection in Django | CVSS3: 9.8 | 1% Low | about 3 years ago
GHSA-2gwj-7jmv-h26r SQL Injection in Django | CVSS3: 9.8 | 2% Low | about 3 years ago
CVE-2022-28347 A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name. | CVSS3: 9.8 | 1% Low | about 3 years ago
CVE-2022-28346 An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. | CVSS3: 9.8 | 2% Low | about 3 years ago