Description

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.

Remediation

References

CVE-2022-28346

Related Vulnerabilities

WordPress Plugin WP Activity Log PHP Object Injection (3.2.5)

Java Unspesificed Vulnerability (CVE-2019-2818)

MyBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3967)

Restlet Framework XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2013-4221)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.26)

Severity

Critical

Classification

CVE-2022-28346 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities