An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 04:26
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html - Mailing List, Third Party Advisory | |
References | () https://docs.djangoproject.com/en/dev/releases/security/ - Vendor Advisory | |
References | () https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/ - | |
References | () https://seclists.org/bugtraq/2019/Aug/15 - Mailing List, Third Party Advisory | |
References | () https://security.gentoo.org/glsa/202004-17 - | |
References | () https://security.netapp.com/advisory/ntap-20190828-0002/ - | |
References | () https://www.debian.org/security/2019/dsa-4498 - Third Party Advisory | |
References | () https://www.djangoproject.com/weblog/2019/aug/01/security-releases/ - Vendor Advisory |
07 Nov 2023, 03:04
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-08-09 13:15
Updated : 2024-11-21 04:26
NVD link : CVE-2019-14234
Mitre link : CVE-2019-14234
CVE.ORG link : CVE-2019-14234
JSON object : View
Products Affected
debian
- debian_linux
djangoproject
- django
fedoraproject
- fedora
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')