Bug 2072459 (CVE-2022-28347) - CVE-2022-28347 Django: SQL injection via QuerySet.explain(options) on PostgreSQL
Summary: CVE-2022-28347 Django: SQL injection via QuerySet.explain(options) on PostgreSQL
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-28347
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2074868 2074870 2074873 2074875 2074877 2074880 2074882 2074883 2074884 2074885 2074904 2074905 2074906 2074908 2074909 2074910 2074911 2074912 2074913 2074914 2074969 2074970 2074971 2074972 2074973 2074974 2074975 2074976 2074977 2074978 2074979 2074980 2075664 2075665 2075922 2075923 2075924 2076568 2076569 2076570 2085188 2102713 2102714 2102715
Blocks: 2072463
TreeView+ depends on / blocked
 
Reported: 2022-04-06 11:12 UTC by Vipul Nair
Modified: 2022-11-16 08:18 UTC (History)
63 users (show)

Fixed In Version: Django 4.0.4, Django 3.2.13, Django 2.2.28
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Django package, leading to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely.
Clone Of:
Environment:
Last Closed: 2022-08-30 12:25:55 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:5498 0 None None None 2022-07-05 14:27:51 UTC
Red Hat Product Errata RHSA-2022:5602 0 None None None 2022-07-19 13:03:37 UTC
Red Hat Product Errata RHSA-2022:5702 0 None None None 2022-07-25 18:13:45 UTC
Red Hat Product Errata RHSA-2022:5703 0 None None None 2022-07-25 19:51:49 UTC

Description Vipul Nair 2022-04-06 11:12:57 UTC
``QuerySet.explain()`` method was subject to SQL injection in option names,
using a suitably crafted dictionary, with dictionary expansion, as the
``**options`` argument.

This issue has High severity, according to the Django security policy [1].

Comment 2 Vipul Nair 2022-04-13 09:28:11 UTC
Created autotest-framework tracking bugs for this issue:

Affects: epel-all [bug 2074870]


Created graphite-web tracking bugs for this issue:

Affects: epel-all [bug 2074873]


Created netbox tracking bugs for this issue:

Affects: epel-all [bug 2074868]
Affects: fedora-all [bug 2074882]


Created python-django-ajax-selects tracking bugs for this issue:

Affects: epel-all [bug 2074875]


Created python-django-helpdesk tracking bugs for this issue:

Affects: epel-all [bug 2074877]


Created python-django-nose tracking bugs for this issue:

Affects: fedora-all [bug 2074883]


Created python-django-uuslug tracking bugs for this issue:

Affects: fedora-all [bug 2074884]


Created zezere tracking bugs for this issue:

Affects: epel-all [bug 2074880]
Affects: fedora-all [bug 2074885]

Comment 17 errata-xmlrpc 2022-07-05 14:27:47 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.11 for RHEL 7
  Red Hat Satellite 6.11 for RHEL 8

Via RHSA-2022:5498 https://access.redhat.com/errata/RHSA-2022:5498

Comment 20 errata-xmlrpc 2022-07-19 13:03:34 UTC
This issue has been addressed in the following products:

  RHUI 4 for RHEL 8

Via RHSA-2022:5602 https://access.redhat.com/errata/RHSA-2022:5602

Comment 21 errata-xmlrpc 2022-07-25 18:13:41 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.1 for RHEL 8

Via RHSA-2022:5702 https://access.redhat.com/errata/RHSA-2022:5702

Comment 22 errata-xmlrpc 2022-07-25 19:51:46 UTC
This issue has been addressed in the following products:

  Red Hat Automation Hub 4.2 for RHEL 8
  Red Hat Automation Hub 4.2 for RHEL 7

Via RHSA-2022:5703 https://access.redhat.com/errata/RHSA-2022:5703

Comment 23 Product Security DevOps Team 2022-08-30 12:25:51 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-28347


Note You need to log in before you can comment on or make changes to this bug.