mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-04-17 10:38:17 +00:00
Code Issues Projects Releases Wiki Activity

python3-django: Fix CVE-2024-42005

Browse Source 
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15.
QuerySet.values() and values_list() methods on models with a JSONField are
subject to SQL injection in column aliases via a crafted JSON object key
as a passed *arg.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-42005

Upstream-patch:
f4af67b9b4

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Soumya Sambu
2024-08-25 15:59:14 +00:00
committed by Armin Kuster
parent b2ad711bcf
commit 376f3a1aba
2 changed files with 85 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
meta-python/recipes-devtools/python/python3-django_2.2.28.bb
View File

@@ -11,6 +11,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
file://CVE-2023-43665.patch \
file://CVE-2023-46695.patch \
file://CVE-2024-24680.patch \
file://CVE-2024-42005.patch \
"
SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"