Fixed
Created: Apr 11, 2022
Updated: May 5, 2022
Resolved Date: May 5, 2022
Found In Version: 10.19.45.1
Severity: Standard
Applicable for: Wind River Linux LTS 19
Component/s: Userspace
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.
https://nvd.nist.gov/vuln/detail/CVE-2022-28346