GHSA-2gwj-7jmv-h26r

Source

https://github.com/advisories/GHSA-2gwj-7jmv-h26r

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-2gwj-7jmv-h26r/GHSA-2gwj-7jmv-h26r.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-2gwj-7jmv-h26r

Aliases

Published

2022-04-13T00:00:33Z

Modified

2024-02-18T05:33:01.422337Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

SQL Injection in Django

Details

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.

References

Affected packages

PyPI / django

Package

Name: django; View open source insights on deps.dev
Purl: pkg:pypi/django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.2

Fixed

2.2.28

Affected versions

2.*

2.2

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

2.2.10

2.2.11

2.2.12

2.2.13

2.2.14

2.2.15

2.2.16

2.2.17

2.2.18

2.2.19

2.2.20

2.2.21

2.2.22

2.2.23

2.2.24

2.2.25

2.2.26

2.2.27

Ecosystem specific

{
    "affected_functions": [
        "django.db.models.QuerySet.annotate",
        "django.db.models.QuerySet.aggregate",
        "django.db.models.QuerySet.extra"
    ]
}

PyPI / django

Package

Name: django; View open source insights on deps.dev
Purl: pkg:pypi/django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.2

Fixed

3.2.13

Affected versions

3.*

3.2

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

3.2.7

3.2.8

3.2.9

3.2.10

3.2.11

3.2.12

Ecosystem specific

{
    "affected_functions": [
        "django.db.models.QuerySet.annotate",
        "django.db.models.QuerySet.aggregate",
        "django.db.models.QuerySet.extra"
    ]
}

PyPI / django

Package

Name: django; View open source insights on deps.dev
Purl: pkg:pypi/django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0

Fixed

4.0.4

Affected versions

4.*

4.0

4.0.1

4.0.2

4.0.3

Ecosystem specific

{
    "affected_functions": [
        "django.db.models.QuerySet.annotate",
        "django.db.models.QuerySet.aggregate",
        "django.db.models.QuerySet.extra"
    ]
}