Wind River Support Network

HomeDefectsLIN1021-3270
Fixed

LIN1021-3270 : Security Advisory - python-django - CVE-2022-28346

Created: Apr 11, 2022    Updated: Oct 27, 2022
Resolved Date: Oct 17, 2022
Found In Version: 10.21.20.1
Fix Version: 10.21.20.14
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.

https://nvd.nist.gov/vuln/detail/CVE-2022-28346

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube