Bug 2072447 (CVE-2022-28346)
| Field | Value |
|---|---|
| Summary | CVE-2022-28346 Django: SQL injection in QuerySet.annotate(), aggregate() and extra() |
| Product | [Other] Security Response |
| Reporter | Vipul Nair <vinair> |
| Component | vulnerability |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| QA Contact | |
| Severity | high |
| Docs Contact | |
| Priority | high |
| Version | unspecified |
| CC | amctagga, aoconnor, apevec, bazanluis20, bbuckingham, bcoca, bcourt, bkearney, bniver, btotty, chousekn, cmeyers, cqi, crosa, davidn, dzickus, eglynn, ehelms, extras-orphan, flucifre, gblomqui, gmeno, igor.raits, jcammara, jhardy, jjoyce, jobarker, jonathansteffan, jsherril, jvisser, jwong, kaycoth, kshier, lhh, lzap, mabashia, mbenjamin, mburns, mhackett, mhulan, mkrizek, mmccune, mrunge, myarboro, ngompa13, nmoumoul, notting, orabin, osapryki, pbrobinson, pcreech, piotr1212, rchan, rdopiera, relrod, rhos-maint, rpetrell, sdoran, security-response-team, smcdonal, sostapov, spower, tkuratom, tmeszaro, vereddy |
| Target Milestone | --- |
| Keywords | Security |
| Target Release | --- |
| Hardware | All |
| OS | Linux |
| Whiteboard | |
| Fixed In Version | Django 4.0.4, Django 3.2.13, Django 2.2.28 |
| Doc Type | If docs needed, set a value |
| Doc Text | A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely. |
| Story Points | --- |
| Clone Of | |
| Environment | |
| Last Closed | 2022-06-22 21:06:32 UTC |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| CRM | |
| Verified Versions | |
| Category | --- |
| oVirt Team | --- |
| RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- |
| Target Upstream Version | |
| Embargoed | |
| Bug Depends On | 2074856, 2074857, 2074859, 2074860, 2074858, 2074861, 2074862, 2074863, 2074864, 2074865, 2074866, 2074867, 2074869, 2074871, 2074872, 2074874, 2074876, 2074878, 2074879, 2074881, 2074954, 2074955, 2074956, 2074957, 2074958, 2074959, 2074960, 2074961, 2074962, 2074963, 2074964, 2074965, 2075662, 2075663, 2075919, 2075920, 2075921, 2076571, 2076572, 2076573, 2085188, 2102716, 2102717, 2102718 |
| Bug Blocks | 2072463 |
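The Doc Text above describes the flaw class only in one sentence: dictionary keys that an application forwards as `**kwargs` into `QuerySet.annotate()`, `aggregate()` or `extra()` become SQL column aliases, and before the fixed releases listed under "Fixed In Version" those aliases were spliced into the generated query without validation. The following is an added illustration written for this page; it is not code from the Bugzilla record or from Django. The simplified `build_select_*` SQL builders are hypothetical stand-ins for Django's query compiler, and `FORBIDDEN_ALIAS_PATTERN` is my reconstruction of the alias check the fixed versions perform (whitespace, quotation marks, semicolons and SQL comment markers are rejected), not Django's source verbatim.

```python
import re

# Reconstruction (assumption, not Django's own source) of the column-alias
# check introduced in Django 4.0.4 / 3.2.13 / 2.2.28: an alias may not contain
# whitespace, quotation marks, square brackets, semicolons or SQL comment markers.
FORBIDDEN_ALIAS_PATTERN = re.compile(r"""['"`\[\];\s]|--|/\*|\*/""")


def is_safe_alias(alias) -> bool:
    """True when `alias` is a non-empty string free of the forbidden characters."""
    return isinstance(alias, str) and bool(alias) and FORBIDDEN_ALIAS_PATTERN.search(alias) is None


def build_select_unchecked(aliases: dict) -> str:
    """Vulnerable pattern (hypothetical simplified builder): each dict key is
    used verbatim as the column alias, so an attacker-controlled key lands in
    the SQL text exactly as supplied. This is the shape of the pre-fix behaviour
    behind annotate(**untrusted_dict)."""
    cols = ", ".join(f"{expr} AS {alias}" for alias, expr in aliases.items())
    return f"SELECT {cols} FROM app_item"


def build_select_checked(aliases: dict) -> str:
    """Hardened form: every alias is validated before any SQL is assembled."""
    for alias in aliases:
        if not is_safe_alias(alias):
            raise ValueError(
                "Column aliases cannot contain whitespace characters, quotation "
                "marks, semicolons, or SQL comments."
            )
    return build_select_unchecked(aliases)


def screen_untrusted_kwargs(untrusted: dict):
    """Defensive pre-filter for applications that cannot upgrade immediately:
    split a request-supplied mapping into aliases safe to forward and keys to
    log as rejected, so attempts show up in application logs."""
    accepted, rejected = {}, []
    for alias, expr in untrusted.items():
        if is_safe_alias(alias):
            accepted[alias] = expr
        else:
            rejected.append(alias)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample input: one benign alias and two that the check refuses.
    sample = {"total": "COUNT(id)", "n; SELECT 1": "COUNT(id)", "n -- x": "COUNT(id)"}
    accepted, rejected = screen_untrusted_kwargs(sample)
    print("accepted:", accepted)
    print("rejected:", rejected)
    print(build_select_checked(accepted))
```

The pre-filter is a stopgap only; the page's fixed Django versions apply the equivalent check inside the ORM itself, which is the durable mitigation. Logging the rejected keys gives detection engineers a cheap signal that someone is probing the alias path.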
Description
Vipul Nair
2022-04-06 10:47:30 UTC
Created autotest-framework tracking bugs for this issue:
Affects: epel-all [bug 2074857]

Created graphite-web tracking bugs for this issue:
Affects: epel-all [bug 2074858]

Created netbox tracking bugs for this issue:
Affects: epel-all [bug 2074856]
Affects: fedora-all [bug 2074862]

Created python-django-ajax-selects tracking bugs for this issue:
Affects: epel-all [bug 2074859]

Created python-django-helpdesk tracking bugs for this issue:
Affects: epel-all [bug 2074860]

Created python-django-nose tracking bugs for this issue:
Affects: fedora-all [bug 2074863]

Created python-django-uuslug tracking bugs for this issue:
Affects: fedora-all [bug 2074864]

Created zezere tracking bugs for this issue:
Affects: epel-all [bug 2074861]
Affects: fedora-all [bug 2074865]

This issue has been addressed in the following products:
  Red Hat OpenStack Platform 16.2
Via RHSA-2022:5115 https://access.redhat.com/errata/RHSA-2022:5115

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2022-28346

This issue has been addressed in the following products:
  Red Hat Satellite 6.11 for RHEL 7
  Red Hat Satellite 6.11 for RHEL 8
Via RHSA-2022:5498 https://access.redhat.com/errata/RHSA-2022:5498

This issue has been addressed in the following products:
  RHUI 4 for RHEL 8
Via RHSA-2022:5602 https://access.redhat.com/errata/RHSA-2022:5602

This issue has been addressed in the following products:
  Red Hat Ansible Automation Platform 2.1 for RHEL 8
Via RHSA-2022:5702 https://access.redhat.com/errata/RHSA-2022:5702

This issue has been addressed in the following products:
  Red Hat Automation Hub 4.2 for RHEL 8
  Red Hat Automation Hub 4.2 for RHEL 7
Via RHSA-2022:5703 https://access.redhat.com/errata/RHSA-2022:5703

This issue has been addressed in the following products:
  Red Hat OpenStack Platform 16.1
Via RHSA-2022:8872 https://access.redhat.com/errata/RHSA-2022:8872