CVE-2022-34265
Description
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
92.834
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2022-34265 are fixed in Python-django 3.2.14 | Windows |
| Vulnerabilities CVE-2022-34265 are fixed in Python-django 4.0.6 | Windows |
| High-level Python web development framework (USN-5501-1) python-django_1.11.11-1ubuntu1.18_all.deb | Linux |
| High-level Python web development framework (USN-5501-1) python3-django_2.2.24-1ubuntu1.5_all.deb | Linux |
| High-level Python web development framework (USN-5501-1) python3-django_3.2.12-2ubuntu1.3_all.deb | Linux |
| High-level Python web development framework (USN-5501-1) python3-django_2.2.12-1ubuntu0.14_all.deb | Linux |
| High-level Python web development framework (USN-5501-1) python3-django_1.11.11-1ubuntu1.18_all.deb | Linux |
| (RHSA-2022:8506) Satellite 6.12 Release foreman-cli-3.3.0.17-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:8506) Satellite 6.12 Release python39-pulp_manifest-3.0.0-3.el8pc.noarch.rpm | Linux |
| (RHSA-2022:8506) Satellite 6.12 Release rubygem-apipie-bindings-0.5.0-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:8506) Satellite 6.12 Release rubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpm | Linux |
| (RHSA-2022:8506) Satellite 6.12 Release rubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpm | Linux |
| (RHSA-2022:8506) Satellite 6.12 Release rubygem-foreman_maintain-1.1.8-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:8506) Satellite 6.12 Release rubygem-gssapi-1.2.0-8.el8sat.noarch.rpm | Linux |
| (RHSA-2022:8506) Satellite 6.12 Release rubygem-hammer_cli-3.3.0-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:8506) Satellite 6.12 Release rubygem-hammer_cli_foreman-3.3.0.1-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:8506) Satellite 6.12 Release rubygem-hammer_cli_foreman_tasks-0.0.18-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:8506) Satellite 6.12 Release rubygem-hammer_cli_foreman_webhooks-0.0.3-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:8506) Satellite 6.12 Release rubygem-hammer_cli_katello-1.6.0.1-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:8506) Satellite 6.12 Release satellite-cli-6.12.0-4.el8sat.noarch.rpm | Linux |
| (RHSA-2022:8506) Satellite 6.12 Release satellite-clone-3.2.0-1.el8sat.noarch.rpm | Linux |
| Vulnerabilities CVE-2022-34265 are fixed in Python-django for linux 3.2.14 | Linux |
| Vulnerabilities CVE-2022-34265 are fixed in Python-django for linux 4.0.6 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234