Django is a free framework for web applications in Python that uses the MVC design pattern
Release cycle, vulnerability information
Release schedule
Count: 775
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-9v8h-57gv-qch6 Django vulnerable to Denial of Service via i18n middleware component | CVSS3: 5.9 | 2% Low | almost 4 years ago |
| GHSA-qc99-g3wm-hgxr Django Arbitrary Code Execution | | 1% Low | almost 4 years ago |
| GHSA-mwv2-398h-v489 Django Improper Access Control | | 1% Low | almost 4 years ago |
| GHSA-w24h-v9qh-8gxj SQL Injection in Django | CVSS3: 9.8 | 1% Low | almost 4 years ago |
| GHSA-2gwj-7jmv-h26r SQL Injection in Django | CVSS3: 9.8 | 2% Low | almost 4 years ago |
| CVE-2022-28347 A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name. | CVSS3: 9.8 | 1% Low | almost 4 years ago |
| CVE-2022-28347 A SQL injection issue was discovered in QuerySet.explain() in Django 2 ... | CVSS3: 9.8 | 1% Low | almost 4 years ago |
| CVE-2022-28346 An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. | CVSS3: 9.8 | 2% Low | almost 4 years ago |
| CVE-2022-28346 An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13 ... | CVSS3: 9.8 | 2% Low | almost 4 years ago |
| CVE-2022-28346 An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. | CVSS3: 9.8 | 2% Low | almost 4 years ago |