Lucene search
PRIOn knowledge basePRION:CVE-2022-34265HistoryJul 04, 2022 - 4:15 p.m.
Sql injection
2022-07-0416:15:00
PRIOn knowledge base
www.prio-n.com
9
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.
References
docs.djangoproject.com/en/4.0/releases/security/
groups.google.com/forum/
lists.fedoraproject.org/archives/list/[email protected]/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/
lists.fedoraproject.org/archives/list/[email protected]/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/
security.netapp.com/advisory/ntap-20220818-0006/
www.debian.org/security/2022/dsa-5254
www.djangoproject.com/weblog/2022/jul/04/security-releases/
Related
githubexploit
githubexploit
Exploit for SQL Injection in Djangoproject Django
2022-07-13 13:02:41
Exploit for SQL Injection in Djangoproject Django
2022-08-24 07:29:30
Exploit for SQL Injection in Djangoproject Django
2022-09-08 21:22:28
alpinelinux
alpinelinux
CVE-2022-34265
2022-07-04 16:15:09
debiancve
debiancve
CVE-2022-34265
2022-07-04 16:15:09
jvn
jvn
JVN#12610194: Django Extract and Trunc functions vulnerable to SQL injection
2022-07-12 00:00:00
osv
osv
PYSEC-2022-213
2022-07-04 16:15:00
BIT-django-2022-34265
2024-03-06 10:52:46
CVE-2022-34265
2022-07-04 16:15:09
nessus
nessus
RHEL 8 : Django 3.2.14 Security Update (Important) (RHSA-2022:5738)
2024-04-28 00:00:00
FreeBSD : Django -- multiple vulnerabilities (5be19b0d-fb85-11ec-95cd-080027b24e86)
2022-07-04 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Django vulnerability (USN-5501-1)
2022-07-04 00:00:00
openvas
openvas
Django < 3.2.14, 4.x < 4.0.6 SQLi Vulnerability - Linux
2022-07-05 00:00:00
Ubuntu: Security Advisory (USN-5501-1)
2022-07-05 00:00:00
Django < 3.2.14, 4.x < 4.0.6 SQLi Vulnerability - Windows
2022-07-05 00:00:00
nvd
nvd
CVE-2022-34265
2022-07-04 16:15:09
ubuntucve
ubuntucve
CVE-2022-34265
2022-07-04 00:00:00
redhatcve
redhatcve
CVE-2022-34265
2022-07-04 14:36:30
cve
cve
CVE-2022-34265
2022-07-04 16:15:09
freebsd
freebsd
Django -- multiple vulnerabilities
2022-06-21 00:00:00
ubuntu
ubuntu
Django vulnerability
2022-07-04 00:00:00
veracode
veracode
SQL Injection
2022-07-05 04:15:37
redhat
redhat
(RHSA-2022:5738) Important: Django 3.2.14 Security Update
2022-07-27 14:32:20
(RHSA-2022:8506) Important: Satellite 6.12 Release
2022-11-16 13:21:30
github
github
cvelist
cvelist
CVE-2022-34265
2022-07-04 00:00:00
mageia
mageia
Updated python-django packages fix security vulnerability
2022-08-13 05:32:35
altlinux
altlinux
debian
debian
[SECURITY] [DLA 3164-1] python-django security update
2022-10-28 17:28:30
[SECURITY] [DSA 5254-1] python-django security update
2022-10-15 16:00:48
fedora
fedora
[SECURITY] Fedora 37 Update: python-django-4.0.10-1.fc37
2023-04-28 02:04:16
[SECURITY] Fedora 38 Update: python-django-4.0.10-1.fc38
2023-04-28 02:37:47
rocky
rocky
Satellite 6.12 Release
2022-11-16 13:21:30