Diffstat (limited to 'docs/releases/6.0.2.txt')
| -rw-r--r-- | docs/releases/6.0.2.txt | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/docs/releases/6.0.2.txt b/docs/releases/6.0.2.txt index 0cb1037f86..884c873a6d 100644 --- a/docs/releases/6.0.2.txt +++ b/docs/releases/6.0.2.txt @@ -54,6 +54,19 @@ HTML end tags, which could cause quadratic time complexity during HTML parsing. This issue has severity "moderate" according to the :ref:`Django security policy <security-disclosure>`. +CVE-2026-1287: Potential SQL injection in column aliases via control characters +=============================================================================== + +:class:`.FilteredRelation` was subject to SQL injection in column aliases via +control characters, using a suitably crafted dictionary, with dictionary +expansion, as the ``**kwargs`` passed to :meth:`.QuerySet.annotate`, +:meth:`~.QuerySet.aggregate`, :meth:`~.QuerySet.extra`, +:meth:`~.QuerySet.values`, :meth:`~.QuerySet.values_list`, and +:meth:`~.QuerySet.alias`. + +This issue has severity "high" according to the :ref:`Django security policy +<security-disclosure>`. + Bugfixes ======== |
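Review bot: the cross-reference roles in the new CVE-2026-1287 entry are inconsistent: the first target is written as ``:meth:`.QuerySet.annotate``` and will render as ``QuerySet.annotate()``, while the next five use the ``~.QuerySet.`` form and render as bare ``aggregate()``, ``extra()``, ``values()``, ``values_list()`` and ``alias()``; either add the tilde to the first or drop it from the others so the method list reads uniformly. The description sentence is also hard to parse as written ("via control characters, using a suitably crafted dictionary, with dictionary expansion, as the ``**kwargs`` passed to ..."); consider "when a suitably crafted dictionary was passed, via ``**`` expansion, as the keyword arguments to ..." so that the injection vector (control characters in the alias names used as keyword arguments) and the affected entry points are stated in one clear clause.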
