Sunday, April 24, 2022

CVE-2022-28346

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. (CVSS:7.5) (Last Update:2022-04-19)
http://dlvr.it/SP8R4F

No comments:

Post a Comment

Authorities Ramp Up Efforts to Capture the Mastermind Behind Emotet

Law enforcement authorities behind Operation Endgame are seeking information related to an individual who goes by the name Odd and is allege...