Количество 7
Количество 7
GHSA-frmv-pr5f-9mcr
Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.
CVE-2025-64459
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank cyberstan for reporting this issue.
CVE-2025-64459
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank cyberstan for reporting this issue.
CVE-2025-64459
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5 ...
BDU:2025-13913
Уязвимость объектов QuerySet и Q программной платформы для разработки веб-приложений Django, позволяющая нарушителю раскрыть и изменить защищаемую информацию
SUSE-SU-2025:4100-1
Security update for python-Django
ROS-20251125-12
Уязвимость python3-django
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-frmv-pr5f-9mcr Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects. | CVSS3: 9.1 | 0% Низкий | 26 дней назад |
 | CVE-2025-64459 An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank cyberstan for reporting this issue. | CVSS3: 9.1 | 0% Низкий | 26 дней назад |
 | CVE-2025-64459 An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank cyberstan for reporting this issue. | CVSS3: 9.1 | 0% Низкий | 26 дней назад |
| CVE-2025-64459 An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5 ... | CVSS3: 9.1 | 0% Низкий | 26 дней назад |
 | BDU:2025-13913 Уязвимость объектов QuerySet и Q программной платформы для разработки веб-приложений Django, позволяющая нарушителю раскрыть и изменить защищаемую информацию | CVSS3: 9.1 | 0% Низкий | 26 дней назад |
 | SUSE-SU-2025:4100-1 Security update for python-Django | 17 дней назад | ||
 | ROS-20251125-12 Уязвимость python3-django | CVSS3: 9.1 | 0% Низкий | 6 дней назад |
Уязвимостей на страницу