meta-openembedded

mirrors/meta-openembedded

Fork 0

mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-01-15 04:21:15 +00:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Soumya Sambu	376f3a1aba	python3-django: Fix CVE-2024-42005 An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. References: https://nvd.nist.gov/vuln/detail/CVE-2024-42005 Upstream-patch: `f4af67b9b4` Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>	2024-08-25 18:12:26 -04:00

Soumya Sambu

376f3a1aba

python3-django: Fix CVE-2024-42005

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15.
QuerySet.values() and values_list() methods on models with a JSONField are
subject to SQL injection in column aliases via a crafted JSON object key
as a passed *arg.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-42005

Upstream-patch:
f4af67b9b4

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

2024-08-25 18:12:26 -04:00

1 Commits