Lucene search

PRIOn knowledge basePRION:CVE-2020-7471

HistoryFeb 03, 2020 - 12:15 p.m.

Sql injection

2020-02-0312:15:00

PRIOn knowledge base

www.prio-n.com

9.5 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

84.0%

JSON

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.

CPENameOperatorVersion
djangoge3.0
djangolt3.0.3
djangoge2.2
djangolt2.2.10
djangoge1.11
djangolt1.11.28

Name	Operator	Version
django	ge	3.0
django	lt	3.0.3
django	ge	2.2
django	lt	2.2.10
django	ge	1.11
django	lt	1.11.28

References

www.openwall.com/lists/oss-security/2020/02/03/1

docs.djangoproject.com/en/3.0/releases/security/

github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136

groups.google.com/forum/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/

seclists.org/bugtraq/2020/Feb/30

security.gentoo.org/glsa/202004-17

security.netapp.com/advisory/ntap-20200221-0006/

usn.ubuntu.com/4264-1/

www.debian.org/security/2020/dsa-4629

www.djangoproject.com/weblog/2020/feb/03/security-releases/