diff options
| author | Simon Charette <charette.s@gmail.com> | 2024-07-25 18:19:13 +0200 |
|---|---|---|
| committer | Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | 2024-07-31 16:12:35 +0200 |
| commit | f4af67b9b41e0f4c117a8741da3abbd1c869ab28 (patch) | |
| tree | 7c1dafe68ebba7fe818f1512e85d404bb73072f9 /docs | |
| parent | efea1ef7e2190e3f77ca0651b5458297bc0f6a9f (diff) | |
[4.2.x] Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields.
Thanks Eyal (eyalgabay) for the report.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/4.2.15.txt | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/docs/releases/4.2.15.txt b/docs/releases/4.2.15.txt index 1c6a1c7ede..b1d4684596 100644 --- a/docs/releases/4.2.15.txt +++ b/docs/releases/4.2.15.txt @@ -30,6 +30,13 @@ CVE-2024-41991: Potential denial-of-service vulnerability in ``django.utils.html subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. +CVE-2024-42005: Potential SQL injection in ``QuerySet.values()`` and ``values_list()`` +====================================================================================== + +:meth:`.QuerySet.values` and :meth:`~.QuerySet.values_list` methods on models +with a ``JSONField`` were subject to SQL injection in column aliases, via a +crafted JSON object key as a passed ``*arg``. + Bugfixes ======== |
