exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 6

CVE-2025-13372

17 дней назад

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. `FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Stackered for reporting this issue.

CVSS3: 4.3

EPSS: Низкий

CVE-2025-13372

17 дней назад

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. `FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Stackered for reporting this issue.

CVSS3: 4.3

EPSS: Низкий

CVE-2025-13372

17 дней назад

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4. ...

CVSS3: 4.3

EPSS: Низкий

GHSA-rqw2-ghq9-44m7

17 дней назад

Django is vulnerable to SQL injection in column aliases

CVSS3: 4.3

EPSS: Низкий

SUSE-SU-2025:4384-1

8 дней назад

Security update for python-Django

EPSS: Низкий

openSUSE-SU-2025:20153-1

11 дней назад

Security update for python-Django

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2025-13372 An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. `FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Stackered for reporting this issue.	CVSS3: 4.3	0% Низкий	17 дней назад
CVE-2025-13372 An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. `FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Stackered for reporting this issue.	CVSS3: 4.3	0% Низкий	17 дней назад
CVE-2025-13372 An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4. ...	CVSS3: 4.3	0% Низкий	17 дней назад
GHSA-rqw2-ghq9-44m7 Django is vulnerable to SQL injection in column aliases	CVSS3: 4.3	0% Низкий	17 дней назад
SUSE-SU-2025:4384-1 Security update for python-Django			8 дней назад
openSUSE-SU-2025:20153-1 Security update for python-Django			11 дней назад

Уязвимостей на страницу