SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Django Dictionary Expansion SQL Injection

Category: WEB-ATTACKS      

An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().

Relevant Information


© SonicWall 2020 | Privacy Policy | Conditions for use Version: 10.0