Django is vulnerable to SQL injection. The Trunc() and Extract() database functions did not validate their kind and lookup_name arguments before interpolating them into the generated SQL, so an application that passed untrusted input (for example, a request parameter) as either argument allowed an attacker to execute arbitrary SQL queries. The issue was fixed in Django 4.0.6 and 3.2.14, released on 4 July 2022.
docs.djangoproject.com/en/4.0/releases/security/
github.com/django/django/commit/0dc9c016fadb71a067e5a42be30164e3f96c0492
github.com/django/django/commit/284b188a4194e8fa5d72a73b09a869d7dd9f0dc5
github.com/django/django/commit/a9010fe5555e6086a9d9ae50069579400ef0685e
groups.google.com/forum/#!forum/django-announce
groups.google.com/g/django-announce
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/
security.netapp.com/advisory/ntap-20220818-0006/
www.debian.org/security/2022/dsa-5254
www.djangoproject.com/weblog/2022/jul/04/security-releases/