Home > Vulnerability Database > CVE-2024-53908

Mend.io Vulnerability Database

CVE-2024-53908

Good to know:

Date: December 5, 2024

A Potential SQL injection was found in Django 4.2.x prior to 4.2.17, 5.0.x prior to 5.0.10 and 5.1.x prior to 5.1.4. Direct usage of the django.db.models.fields.json.HasKey lookup on Oracle is subject to SQL injection if untrusted data is used as a lhs value. Applications that use the jsonfield.has_key lookup through the __ syntax are unaffected.

Language: Python

Severity Score

9.8

Related Resources (11)

Url: https://groups.google.com/g/django-announce

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-53908

Url: https://www.djangoproject.com/weblog/2024/dec/04/security-releases

Url: https://security-tracker.debian.org/tracker/CVE-2024-53908

Url: https://docs.djangoproject.com/en/dev/releases/security/

Url: https://docs.djangoproject.com/en/dev/releases/security

Url: https://www.openwall.com/lists/oss-security/2024/12/04/3

Url: https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-157.yaml

Url: https://www.djangoproject.com/weblog/2024/dec/04/security-releases/

Url: https://github.com/django/django

Url: https://www.mend.io/vulnerability-database/CVE-2024-53908

Severity Score

9.8

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

Top Fix

Upgrade Version

Upgrade to version django - 5.1.4;django - 5.0.10;django - 4.2.17;django - 5.0.10;django - 5.1.4;django - 4.2.17

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-53908

Good to know:

Date: December 5, 2024

Language: Python

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?