[4.0.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases. - django.git

diff options

author	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2022-04-01 08:10:22 +0200
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2022-04-11 09:02:14 +0200
commit	800828887a0509ad1162d6d407e94d8de7eafc60 (patch)
tree	f1c50a76740eca6a6bfb1bcedfba68e9cb5b5075 /django/db/backends/postgresql/features.py
parent	78e553b48a728ba68b427a8108e1247e5bb46048 (diff)

[4.0.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.

Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore, Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev (DDV_UA) for the report. Backport of 93cae5cb2f9a4ef1514cf1a41f714fef08005200 from main.

Diffstat (limited to 'django/db/backends/postgresql/features.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: