summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorSimon Charette <charette.s@gmail.com>2024-07-25 18:19:13 +0200
committerSarah Boyce <42296566+sarahboyce@users.noreply.github.com>2024-07-31 16:12:35 +0200
commitf4af67b9b41e0f4c117a8741da3abbd1c869ab28 (patch)
tree7c1dafe68ebba7fe818f1512e85d404bb73072f9 /docs
parentefea1ef7e2190e3f77ca0651b5458297bc0f6a9f (diff)
[4.2.x] Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields.
Thanks Eyal (eyalgabay) for the report.
Diffstat (limited to 'docs')
-rw-r--r--docs/releases/4.2.15.txt7
1 files changed, 7 insertions, 0 deletions
diff --git a/docs/releases/4.2.15.txt b/docs/releases/4.2.15.txt
index 1c6a1c7ede..b1d4684596 100644
--- a/docs/releases/4.2.15.txt
+++ b/docs/releases/4.2.15.txt
@@ -30,6 +30,13 @@ CVE-2024-41991: Potential denial-of-service vulnerability in ``django.utils.html
subject to a potential denial-of-service attack via certain inputs with a very
large number of Unicode characters.
+CVE-2024-42005: Potential SQL injection in ``QuerySet.values()`` and ``values_list()``
+======================================================================================
+
+:meth:`.QuerySet.values` and :meth:`~.QuerySet.values_list` methods on models
+with a ``JSONField`` were subject to SQL injection in column aliases, via a
+crafted JSON object key as a passed ``*arg``.
+
Bugfixes
========