Sunday, April 24, 2022

CVE-2022-28346

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. (CVSS:7.5) (Last Update:2022-04-19)
http://dlvr.it/SP8R4F
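
A defender-side check for the issue described above, as an added example that is not part of the original post or of Django's own code: it maps an installed Django version onto the affected ranges quoted in the advisory and rejects untrusted dictionary keys before they are expanded into `annotate()`, `aggregate()` or `extra()`. The names `is_affected`, `safe_aliases` and the identifier-only allowlist are assumptions of this example; upgrading to a fixed release remains the actual remedy.

```python
import re

# Fixed release per affected series, taken from the advisory text above.
FIXED = {(2, 2): (2, 2, 28), (3, 2): (3, 2, 13), (4, 0): (4, 0, 4)}

# Assumption of this example: a legitimate alias is a plain identifier.
SAFE_ALIAS = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def is_affected(version):
    """True/False for the series the advisory lists, None for any other series."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if m is None:
        raise ValueError(f"unparseable version: {version!r}")
    parts = tuple(int(g or 0) for g in m.groups())
    fixed = FIXED.get(parts[:2])
    # The advisory says nothing about other series, so report "unknown".
    return None if fixed is None else parts < fixed


def safe_aliases(untrusted):
    """Return a copy of `untrusted` that is safe to expand as **kwargs.

    Raises ValueError if any key is not a plain identifier, so a key
    containing quotes, whitespace or punctuation never reaches the ORM
    as a column alias.
    """
    bad = [k for k in untrusted
           if not (isinstance(k, str) and SAFE_ALIAS.fullmatch(k))]
    if bad:
        raise ValueError(f"rejected alias name(s): {bad!r}")
    return dict(untrusted)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for v in ("2.2.27", "3.2.13", "4.0.3", "3.1.14"):
        print(v, is_affected(v))
    # Hypothetical call site: queryset.annotate(**safe_aliases(params))
    print(safe_aliases({"total": 1}))
    try:
        safe_aliases({'total "x': 1})
    except ValueError as exc:
        print(exc)
```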
