[3.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases. - django.git

diff options

author	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2022-04-01 08:10:22 +0200
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2022-04-11 09:12:06 +0200
commit	2044dac5c6968441be6f534c4139bcf48c5c7e48 (patch)
tree	993e5e22e6a9f861989bb977fc182a176ae54705 /package.json
parent	bdb92dba0b07e2bac17795f0d515eb9d105addf8 (diff)

[3.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.

Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore, Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev (DDV_UA) for the report. Backport of 93cae5cb2f9a4ef1514cf1a41f714fef08005200 from main.

Diffstat (limited to 'package.json')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: