vulnerability

Oracle Solaris 11: CVE-2020-9402: Vulnerability in Django

Try Surface Command
Back to search
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Mar 5, 2020
Added
Jan 19, 2021
Modified
Feb 17, 2022

Description

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.

Solutions

oracle-solaris-11-4-upgrade-legacy-library-python-django-27-1-11-29-11-4-21-0-1-69-0oracle-solaris-11-4-upgrade-legacy-library-python-django-34-1-11-29-11-4-21-0-1-69-0oracle-solaris-11-4-upgrade-legacy-library-python-django-35-1-11-29-11-4-21-0-1-69-0oracle-solaris-11-4-upgrade-library-python-2-django-1-4-10-11-4-0-0-1-9-0oracle-solaris-11-4-upgrade-library-python-2-django-26-1-4-22-11-4-0-0-0-13-0oracle-solaris-11-4-upgrade-library-python-2-django-27-1-4-10-11-4-0-0-1-9-0oracle-solaris-11-4-upgrade-library-python-django-1-11-29-11-4-21-0-1-69-0oracle-solaris-11-4-upgrade-library-python-django-26-1-4-22-11-4-0-0-1-9-0oracle-solaris-11-4-upgrade-library-python-django-27-1-11-29-11-4-21-0-1-69-0oracle-solaris-11-4-upgrade-library-python-django-34-1-11-29-11-4-21-0-1-69-0oracle-solaris-11-4-upgrade-library-python-django-35-1-11-29-11-4-21-0-1-69-0oracle-solaris-11-4-upgrade-library-python-django-37-1-11-29-11-4-21-0-1-69-0

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today