vulnerability
Oracle Solaris 11: CVE-2019-14234: Vulnerability in Django
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | 2019-08-09 | 2019-10-16 | 2022-02-17 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
2019-08-09
Added
2019-10-16
Modified
2022-02-17
Description
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.
Solution(s)
oracle-solaris-11-4-upgrade-library-python-django-1-11-23-11-4-14-0-1-3-0oracle-solaris-11-4-upgrade-library-python-django-27-1-11-23-11-4-14-0-1-3-0oracle-solaris-11-4-upgrade-library-python-django-34-1-11-23-11-4-14-0-1-3-0oracle-solaris-11-4-upgrade-library-python-django-35-1-11-23-11-4-14-0-1-3-0oracle-solaris-11-4-upgrade-library-python-django-37-1-11-23-11-4-14-0-1-3-0
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.