Description

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.

Remediation

References

CVE-2022-28346

Related Vulnerabilities

Jenkins Improper Input Validation Vulnerability (CVE-2018-1999002)

WordPress Plugin Media Library Categories Multiple Cross-Site Scripting Vulnerabilities (1.1.1)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-0701)

CubeCart Improper Input Validation Vulnerability (CVE-2013-1465)

Microsoft SQL Server Remote Code Execution Vulnerability (CVE-2019-1068)

Severity

Critical

Classification

CVE-2022-28346 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities