vulnerability
Red Hat: CVE-2022-28346: Moderate: Satellite 6.11 Release (RHSA-2022:5498)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Apr 12, 2022 | Jul 14, 2022 | Oct 17, 2022 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Apr 12, 2022
Added
Jul 14, 2022
Modified
Oct 17, 2022
Description
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.
Solutions
redhat-upgrade-foreman-cliredhat-upgrade-rubygem-amazing_printredhat-upgrade-rubygem-apipie-bindingsredhat-upgrade-rubygem-clampredhat-upgrade-rubygem-domain_nameredhat-upgrade-rubygem-fast_gettextredhat-upgrade-rubygem-foreman_maintainredhat-upgrade-rubygem-hammer_cliredhat-upgrade-rubygem-hammer_cli_foremanredhat-upgrade-rubygem-hammer_cli_foreman_adminredhat-upgrade-rubygem-hammer_cli_foreman_ansibleredhat-upgrade-rubygem-hammer_cli_foreman_azure_rmredhat-upgrade-rubygem-hammer_cli_foreman_bootdiskredhat-upgrade-rubygem-hammer_cli_foreman_discoveryredhat-upgrade-rubygem-hammer_cli_foreman_openscapredhat-upgrade-rubygem-hammer_cli_foreman_remote_executionredhat-upgrade-rubygem-hammer_cli_foreman_tasksredhat-upgrade-rubygem-hammer_cli_foreman_templatesredhat-upgrade-rubygem-hammer_cli_foreman_virt_who_configureredhat-upgrade-rubygem-hammer_cli_foreman_webhooksredhat-upgrade-rubygem-hammer_cli_katelloredhat-upgrade-rubygem-hashieredhat-upgrade-rubygem-highlineredhat-upgrade-rubygem-http-cookieredhat-upgrade-rubygem-jwtredhat-upgrade-rubygem-little-pluggerredhat-upgrade-rubygem-localeredhat-upgrade-rubygem-loggingredhat-upgrade-rubygem-mime-typesredhat-upgrade-rubygem-mime-types-dataredhat-upgrade-rubygem-multi_jsonredhat-upgrade-rubygem-netrcredhat-upgrade-rubygem-oauthredhat-upgrade-rubygem-powerbarredhat-upgrade-rubygem-rest-clientredhat-upgrade-rubygem-unfredhat-upgrade-rubygem-unf_extredhat-upgrade-rubygem-unf_ext-debuginforedhat-upgrade-rubygem-unf_ext-debugsourceredhat-upgrade-rubygem-unicoderedhat-upgrade-rubygem-unicode-debuginforedhat-upgrade-rubygem-unicode-debugsourceredhat-upgrade-rubygem-unicode-display_widthredhat-upgrade-satellite-cliredhat-upgrade-satellite-cloneredhat-upgrade-satellite-maintainredhat-upgrade-tfm-rubygem-amazing_printredhat-upgrade-tfm-rubygem-apipie-bindingsredhat-upgrade-tfm-rubygem-clampredhat-upgrade-tfm-rubygem-domain_nameredhat-upgrade-tfm-rubygem-fast_gettextredhat-upgrade-tfm-rubygem-hammer_cliredhat-upgrade-tfm-rubygem-hammer_cli_foremanredhat-upgrade-tfm-rubygem-hammer_cli_foreman_adminredhat-upgrade-tfm-rubygem-hammer_cli_foreman_ansibleredhat-upgrade-tfm-rubygem-hammer_cli_foreman_azure_rmredhat-upgrade-tfm-rubygem-hammer_cli_foreman_bootdiskredhat-upgrade-tfm-rubygem-hammer_cli_foreman_discoveryredhat-upgrade-tfm-rubygem-hammer_cli_foreman_openscapredhat-upgrade-tfm-rubygem-hammer_cli_foreman_remote_executionredhat-upgrade-tfm-rubygem-hammer_cli_foreman_tasksredhat-upgrade-tfm-rubygem-hammer_cli_foreman_templatesredhat-upgrade-tfm-rubygem-hammer_cli_foreman_virt_who_configureredhat-upgrade-tfm-rubygem-hammer_cli_foreman_webhooksredhat-upgrade-tfm-rubygem-hammer_cli_katelloredhat-upgrade-tfm-rubygem-hashieredhat-upgrade-tfm-rubygem-highlineredhat-upgrade-tfm-rubygem-http-cookieredhat-upgrade-tfm-rubygem-jwtredhat-upgrade-tfm-rubygem-little-pluggerredhat-upgrade-tfm-rubygem-localeredhat-upgrade-tfm-rubygem-loggingredhat-upgrade-tfm-rubygem-mime-typesredhat-upgrade-tfm-rubygem-mime-types-dataredhat-upgrade-tfm-rubygem-multi_jsonredhat-upgrade-tfm-rubygem-netrcredhat-upgrade-tfm-rubygem-oauthredhat-upgrade-tfm-rubygem-powerbarredhat-upgrade-tfm-rubygem-rest-clientredhat-upgrade-tfm-rubygem-unfredhat-upgrade-tfm-rubygem-unf_extredhat-upgrade-tfm-rubygem-unf_ext-debuginforedhat-upgrade-tfm-rubygem-unicoderedhat-upgrade-tfm-rubygem-unicode-debuginforedhat-upgrade-tfm-rubygem-unicode-display_widthredhat-upgrade-tfm-runtime
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.