BIT-django-2024-53908
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/django/BIT-django-2024-53908.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/BIT-django-2024-53908
- Aliases
- Published
- 2025-03-10T08:13:29.171Z
- Modified
- 2025-04-03T14:40:37.652Z
- Summary
- [none]
- Details
-
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.haskey lookup via _ are unaffected.)
- Database specific
{ "cpes": [ "cpe:2.3:a:djangoproject:django:*:*:*:*:*:python:*:*" ], "severity": "Critical" }- References
Affected packages
Bitnami / django
Package
- Name
- django
- Purl
- pkg:bitnami/django
Severity
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator