mirror of https://github.com/django/django.git (synced 2025-10-24 22:26:08 +00:00)
	Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore, Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev (DDV_UA) for the report.
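The commit message above describes the vector only in outline: an alias key taken from a dictionary that is expanded as ``**kwargs`` reaches the generated SQL. The following Python is an added example, not Django's code and not part of this commit. It models the "before" shape with a toy query builder over an in-memory SQLite table (``users`` and its rows are constructed here), a ``quote_name()`` that trusts input already wrapped in double quotes (an assumption made for the demo, chosen because it is the kind of shortcut that lets a crafted key through), and an application-side ``check_alias()`` that whitelists plain identifiers. The names ``vulnerable_aggregate``, ``hardened_aggregate``, ``check_alias`` and ``demo`` are mine.

```python
import re
import sqlite3

# Constructed sample data: stands in for the table an ORM query would target.
SAMPLE_ROWS = [(1, "alice", "s3cr3t"), (2, "bob", "hunter2")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def quote_name(name):
    # Assumption for this demo (not Django's code): a quoting helper that passes
    # through any name that already looks quoted. That is exactly what lets a
    # key beginning and ending with a double quote carry extra SQL.
    if name.startswith('"') and name.endswith('"'):
        return name
    return '"%s"' % name.replace('"', '""')


def vulnerable_aggregate(conn, **aliases):
    """'Before' shape: alias keys reach the SQL with only quote_name() in between."""
    select = ", ".join(
        "%s AS %s" % (expr, quote_name(alias)) for alias, expr in aliases.items()
    )
    sql = "SELECT %s FROM users" % select
    return conn.execute(sql).fetchone()


# Strict whitelist: an alias is a plain SQL identifier, nothing else.
ALIAS_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def check_alias(alias):
    if not ALIAS_RE.match(alias):
        raise ValueError("Invalid column alias: %r" % alias)
    return alias


def hardened_aggregate(conn, **aliases):
    """Same builder, but every alias is validated before it can touch the SQL."""
    for alias in aliases:
        check_alias(alias)
    return vulnerable_aggregate(conn, **aliases)


def demo():
    conn = make_db()
    # A literal alias behaves as expected: one column, the row count.
    benign = vulnerable_aggregate(conn, total="COUNT(*)")
    # A crafted key, expanded with **, closes the alias and appends a column
    # that pulls a secret out of the table in the same statement.
    crafted = {
        '"total", (SELECT secret FROM users WHERE id = 1) AS "leak"': "COUNT(*)"
    }
    leaked = vulnerable_aggregate(conn, **crafted)
    # The hardened builder refuses the crafted key before any SQL is built.
    try:
        hardened_aggregate(conn, **crafted)
        blocked = False
    except ValueError:
        blocked = True
    return benign, leaked, blocked


if __name__ == "__main__":
    print(demo())
```

The point of the whitelist rather than a denylist of bad characters is that it also rejects anything the builder's quoting was never designed for; an application that must let users name annotations should map the user's label to an alias it generates itself rather than expanding request data into ``**kwargs``.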
		| @@ -5,3 +5,11 @@ Django 2.2.28 release notes | ||||
| *April 11, 2022* | ||||
|  | ||||
| Django 2.2.28 fixes two security issues with severity "high" in 2.2.27. | ||||
|  | ||||
| CVE-2022-28346: Potential SQL injection in ``QuerySet.annotate()``, ``aggregate()``, and ``extra()`` | ||||
| ==================================================================================================== | ||||
|  | ||||
| :meth:`.QuerySet.annotate`, :meth:`~.QuerySet.aggregate`, and | ||||
| :meth:`~.QuerySet.extra` methods were subject to SQL injection in column | ||||
| aliases, using a suitably crafted dictionary, with dictionary expansion, as the | ||||
| ``**kwargs`` passed to these methods. | ||||
|   | ||||
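Review bot: the 2.2.28 paragraph names the vector (alias keys taken from a dictionary expanded as ``**kwargs``) but not what changed for callers; a one-line statement of which alias values are now rejected, and that existing code passing such aliases will start raising, would let 2.2.28 users audit their own ``annotate()``, ``aggregate()`` and ``extra()`` calls. As written, a reader cannot tell whether upgrading alone is sufficient or whether aliases derived from request data still need validation on the application side.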
| @@ -7,6 +7,14 @@ Django 3.2.13 release notes | ||||
| Django 3.2.13 fixes two security issues with severity "high" in | ||||
| 3.2.12 and a regression in 3.2.4. | ||||
|  | ||||
| CVE-2022-28346: Potential SQL injection in ``QuerySet.annotate()``, ``aggregate()``, and ``extra()`` | ||||
| ==================================================================================================== | ||||
|  | ||||
| :meth:`.QuerySet.annotate`, :meth:`~.QuerySet.aggregate`, and | ||||
| :meth:`~.QuerySet.extra` methods were subject to SQL injection in column | ||||
| aliases, using a suitably crafted dictionary, with dictionary expansion, as the | ||||
| ``**kwargs`` passed to these methods. | ||||
|  | ||||
| Bugfixes | ||||
| ======== | ||||
|  | ||||
|   | ||||
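Review bot: in the 3.2.13 paragraph, "as the ``**kwargs`` passed to these methods" is imprecise for ``extra()``, whose column aliases are the keys of its ``select`` dictionary rather than keyword-argument names. Consider "as the ``**kwargs`` passed to ``annotate()`` and ``aggregate()``, or as the keys of the ``select`` dictionary passed to ``extra()``", so that readers searching their code for the affected call shape also look at ``extra(select=...)``.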
| @@ -7,6 +7,14 @@ Django 4.0.4 release notes | ||||
| Django 4.0.4 fixes two security issues with severity "high" and two bugs in | ||||
| 4.0.3. | ||||
|  | ||||
| CVE-2022-28346: Potential SQL injection in ``QuerySet.annotate()``, ``aggregate()``, and ``extra()`` | ||||
| ==================================================================================================== | ||||
|  | ||||
| :meth:`.QuerySet.annotate`, :meth:`~.QuerySet.aggregate`, and | ||||
| :meth:`~.QuerySet.extra` methods were subject to SQL injection in column | ||||
| aliases, using a suitably crafted dictionary, with dictionary expansion, as the | ||||
| ``**kwargs`` passed to these methods. | ||||
|  | ||||
| Bugfixes | ||||
| ======== | ||||
|  | ||||
|   | ||||
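Review bot: the 4.0.4 paragraph says "using a suitably crafted dictionary" without stating whose dictionary; the precondition is that the keys of the expanded dictionary were under an attacker's influence. Suggest "were subject to SQL injection in column aliases when the keys of a dictionary expanded as ``**kwargs`` could be controlled by an attacker", which makes clear that calls using only literal alias names were not affected.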