Sunday, April 24, 2022

CVE-2022-28346

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. (CVSS:7.5) (Last Update:2022-04-19)
http://dlvr.it/SP8R4F
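
For code that builds the `**kwargs` dictionary from request data, the keys should be checked before they can become column aliases. The following allowlist check is an added example, not code from Django or from the advisory; `checked_aliases`, `UnsafeAlias` and the sample field names are hypothetical, and the identifier-only alias rule is an assumption chosen to be stricter than necessary.

```python
import re

# Assumption: an alias must be a plain identifier, so quotes, whitespace,
# semicolons and comment markers can never appear in it.
ALIAS_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,62}")


class UnsafeAlias(ValueError):
    """Raised when an untrusted alias map fails validation."""


def checked_aliases(requested, allowed_fields):
    """Validate an untrusted {alias: field_name} map.

    `requested` comes from the caller (for example parsed JSON).
    `allowed_fields` is the server-side set of field names that may be used.
    Only the returned dict should be expanded with ** into
    annotate(), aggregate() or extra().
    """
    if not isinstance(requested, dict):
        raise UnsafeAlias("alias map must be a dict")
    safe = {}
    for alias, field in requested.items():
        # fullmatch() is deliberate: with match() and a trailing "$",
        # an alias ending in "\n" would still be accepted.
        if not isinstance(alias, str) or not ALIAS_RE.fullmatch(alias):
            raise UnsafeAlias(f"rejected alias {alias!r}")
        if not isinstance(field, str) or field not in allowed_fields:
            raise UnsafeAlias(f"field {field!r} is not exposed")
        safe[alias] = field
    return safe


# Intended use in a view (qs is a hypothetical QuerySet; F is django.db.models.F):
#   aliases = checked_aliases(payload, {"price", "qty"})
#   qs = qs.annotate(**{alias: F(field) for alias, field in aliases.items()})
```

This check belongs in front of the call even on patched Django versions, because it also stops callers from selecting fields the view never meant to expose.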
