diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/4.2.28.txt | 13 | ||||
| -rw-r--r-- | docs/releases/5.2.11.txt | 13 |
2 files changed, 26 insertions, 0 deletions
diff --git a/docs/releases/4.2.28.txt b/docs/releases/4.2.28.txt index 6ff358a8ec..473e44f577 100644 --- a/docs/releases/4.2.28.txt +++ b/docs/releases/4.2.28.txt @@ -53,3 +53,16 @@ HTML end tags, which could cause quadratic time complexity during HTML parsing. This issue has severity "moderate" according to the :ref:`Django security policy <security-disclosure>`. + +CVE-2026-1287: Potential SQL injection in column aliases via control characters +=============================================================================== + +:class:`.FilteredRelation` was subject to SQL injection in column aliases via +control characters, using a suitably crafted dictionary, with dictionary +expansion, as the ``**kwargs`` passed to :meth:`.QuerySet.annotate`, +:meth:`~.QuerySet.aggregate`, :meth:`~.QuerySet.extra`, +:meth:`~.QuerySet.values`, :meth:`~.QuerySet.values_list`, and +:meth:`~.QuerySet.alias`. + +This issue has severity "high" according to the :ref:`Django security policy +<security-disclosure>`. diff --git a/docs/releases/5.2.11.txt b/docs/releases/5.2.11.txt index bc5fb02063..fa14a88c0a 100644 --- a/docs/releases/5.2.11.txt +++ b/docs/releases/5.2.11.txt @@ -53,3 +53,16 @@ HTML end tags, which could cause quadratic time complexity during HTML parsing. This issue has severity "moderate" according to the :ref:`Django security policy <security-disclosure>`. + +CVE-2026-1287: Potential SQL injection in column aliases via control characters +=============================================================================== + +:class:`.FilteredRelation` was subject to SQL injection in column aliases via +control characters, using a suitably crafted dictionary, with dictionary +expansion, as the ``**kwargs`` passed to :meth:`.QuerySet.annotate`, +:meth:`~.QuerySet.aggregate`, :meth:`~.QuerySet.extra`, +:meth:`~.QuerySet.values`, :meth:`~.QuerySet.values_list`, and +:meth:`~.QuerySet.alias`. + +This issue has severity "high" according to the :ref:`Django security policy +<security-disclosure>`. |