Django Project Django 2.2.26

CPE Details

Django Project Django 2.2.26
djangoproject
django
2.2.26
2022-01-12
14h07 +00:00
2022-01-12
14h09 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:djangoproject:django:2.2.26:*:*:*:*:*:*:*

Informations

Vendor

djangoproject

Product

django

Version

2.2.26

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-28346 2022-04-12 00h00 +00:00 An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.
9.8
Critical
CVE-2022-28347 2022-04-12 00h00 +00:00 A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.
9.8
Critical
CVE-2022-22818 2022-02-02 23h00 +00:00 The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.
6.1
Medium
CVE-2022-23833 2022-02-02 23h00 +00:00 An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
7.5
High