Bug 2072447 (CVE-2022-28346) - CVE-2022-28346 Django: SQL injection in QuerySet.annotate(),aggregate() and extra()
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-28346
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2074856 2074857 2074859 2074860 2074858 2074861 2074862 2074863 2074864 2074865 2074866 2074867 2074869 2074871 2074872 2074874 2074876 2074878 2074879 2074881 2074954 2074955 2074956 2074957 2074958 2074959 2074960 2074961 2074962 2074963 2074964 2074965 2075662 2075663 2075919 2075920 2075921 2076571 2076572 2076573 2085188 2102716 2102717 2102718
Blocks: 2072463
Reported: 2022-04-06 10:47 UTC by Vipul Nair
Modified: 2022-12-07 20:27 UTC (History)

Fixed In Version: Django 4.0.4, Django 3.2.13, Django 2.2.28
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely.
Clone Of:
Environment:
Last Closed: 2022-06-22 21:06:32 UTC
Embargoed:



Links
System                 | ID             | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2022:5115 | 0       | None     | None   | None    | 2022-06-22 16:06:15 UTC
Red Hat Product Errata | RHSA-2022:5498 | 0       | None     | None   | None    | 2022-07-05 14:27:47 UTC
Red Hat Product Errata | RHSA-2022:5602 | 0       | None     | None   | None    | 2022-07-19 13:03:36 UTC
Red Hat Product Errata | RHSA-2022:5702 | 0       | None     | None   | None    | 2022-07-25 18:13:44 UTC
Red Hat Product Errata | RHSA-2022:5703 | 0       | None     | None   | None    | 2022-07-25 19:51:44 UTC
Red Hat Product Errata | RHSA-2022:8872 | 0       | None     | None   | None    | 2022-12-07 20:27:28 UTC

Description Vipul Nair 2022-04-06 10:47:30 UTC
``QuerySet.annotate()``, ``aggregate()``, and ``extra()`` methods were subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the ``**kwargs`` passed to these methods.

This issue has High severity, according to the Django security policy [1].
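
The defensive check this report implies, written here as an added example for this tracker entry (it is not Django's own code, and Django is not imported; the ``_StubQuerySet`` stand-in and the ``safe_annotate`` wrapper are assumptions of the example): every alias key in a ``**kwargs`` dictionary is validated against a plain-identifier allow-list before it can reach ``annotate()``, ``aggregate()`` or ``extra()``, so a crafted key never becomes part of generated SQL.

```python
import re

# Allow-list: a column alias must be a plain identifier. This is stricter
# than a deny-list of quotes, whitespace, semicolons and comment markers,
# and easier to reason about (the allow-list is this example's choice,
# not Django's code).
ALIAS_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def is_safe_alias(alias) -> bool:
    """True only if alias is a str that is entirely a plain identifier."""
    # fullmatch (not match) so a trailing newline or other suffix is rejected.
    return isinstance(alias, str) and ALIAS_RE.fullmatch(alias) is not None


def check_alias(alias: str) -> str:
    """Return the alias unchanged if it is safe, otherwise raise ValueError."""
    if not is_safe_alias(alias):
        raise ValueError(f"Column alias {alias!r} is invalid.")
    return alias


def validated_kwargs(kwargs: dict) -> dict:
    """Validate every alias key of a **kwargs dictionary before expansion."""
    return {check_alias(k): v for k, v in kwargs.items()}


def safe_annotate(queryset, **kwargs):
    """Validate aliases, then delegate to queryset.annotate().

    `queryset` is anything with an annotate() method: a Django QuerySet in
    practice, the stub below here so the example runs without Django.
    """
    return queryset.annotate(**validated_kwargs(kwargs))


class _StubQuerySet:
    """Constructed stand-in for a QuerySet; returns the alias names it saw."""

    def annotate(self, **kwargs):
        return sorted(kwargs)


if __name__ == "__main__":
    qs = _StubQuerySet()
    print(safe_annotate(qs, total="Count('id')", latest="Max('created')"))
    # Constructed sample of an untrusted dictionary with a crafted key: it is
    # refused before any SQL is built.
    untrusted = {"total": "Count('id')", "bad alias; --": "1"}
    try:
        safe_annotate(qs, **untrusted)
    except ValueError as exc:
        print("rejected:", exc)
```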

Comment 2 Vipul Nair 2022-04-13 09:27:11 UTC
Created autotest-framework tracking bugs for this issue:

Affects: epel-all [bug 2074857]


Created graphite-web tracking bugs for this issue:

Affects: epel-all [bug 2074858]


Created netbox tracking bugs for this issue:

Affects: epel-all [bug 2074856]
Affects: fedora-all [bug 2074862]


Created python-django-ajax-selects tracking bugs for this issue:

Affects: epel-all [bug 2074859]


Created python-django-helpdesk tracking bugs for this issue:

Affects: epel-all [bug 2074860]


Created python-django-nose tracking bugs for this issue:

Affects: fedora-all [bug 2074863]


Created python-django-uuslug tracking bugs for this issue:

Affects: fedora-all [bug 2074864]


Created zezere tracking bugs for this issue:

Affects: epel-all [bug 2074861]
Affects: fedora-all [bug 2074865]

Comment 12 errata-xmlrpc 2022-06-22 16:06:11 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.2

Via RHSA-2022:5115 https://access.redhat.com/errata/RHSA-2022:5115

Comment 13 Product Security DevOps Team 2022-06-22 21:06:28 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-28346

Comment 17 errata-xmlrpc 2022-07-05 14:27:43 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.11 for RHEL 7
  Red Hat Satellite 6.11 for RHEL 8

Via RHSA-2022:5498 https://access.redhat.com/errata/RHSA-2022:5498

Comment 18 errata-xmlrpc 2022-07-19 13:03:33 UTC
This issue has been addressed in the following products:

  RHUI 4 for RHEL 8

Via RHSA-2022:5602 https://access.redhat.com/errata/RHSA-2022:5602

Comment 19 errata-xmlrpc 2022-07-25 18:13:40 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.1 for RHEL 8

Via RHSA-2022:5702 https://access.redhat.com/errata/RHSA-2022:5702

Comment 20 errata-xmlrpc 2022-07-25 19:51:40 UTC
This issue has been addressed in the following products:

  Red Hat Automation Hub 4.2 for RHEL 8
  Red Hat Automation Hub 4.2 for RHEL 7

Via RHSA-2022:5703 https://access.redhat.com/errata/RHSA-2022:5703

Comment 21 errata-xmlrpc 2022-12-07 20:27:25 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.1

Via RHSA-2022:8872 https://access.redhat.com/errata/RHSA-2022:8872

