icon

We found results for “

CVE-2024-53908

Good to know:

icon
icon

Date: December 5, 2024

A Potential SQL injection was found in Django 4.2.x prior to 4.2.17, 5.0.x prior to 5.0.10 and 5.1.x prior to 5.1.4. Direct usage of the django.db.models.fields.json.HasKey lookup on Oracle is subject to SQL injection if untrusted data is used as a lhs value. Applications that use the jsonfield.has_key lookup through the __ syntax are unaffected.

Language: Python

Severity Score

Severity Score

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

Top Fix

icon

Upgrade Version

Upgrade to version Django - 5.0.10;Django - 5.1.4;Django - 4.2.17;django - 5.1.4;django - 5.0.10;django - 4.2.17

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us