mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-24 22:26:08 +00:00
Code Issues 32 Releases Wiki Activity

Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields.

Browse Source 
Thanks Eyal (eyalgabay) for the report.
This commit is contained in:
Simon Charette
2024-07-25 12:19:13 -04:00
committed by Sarah Boyce
parent 5f1757142f
commit c87bfaacf8
5 changed files with 38 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
tests/expressions/models.py
View File

@@ -115,3 +115,10 @@ class UUID(models.Model):
class Text(models.Model):
name = models.TextField()
class JSONFieldModel(models.Model):
data = models.JSONField(null=True)
class Meta:
required_db_features = {"supports_json_field"}