{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of \"OR 1=1\" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-05-01T01:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://docs.djangoproject.com/en/dev/releases/security/"}, {"tags": ["x_refsource_MISC"], "url": "https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/"}, {"name": "20190812 [SECURITY] [DSA 4498-1] python-django security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Aug/15"}, {"name": "DSA-4498", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4498"}, {"name": "openSUSE-SU-2019:1872", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"}, {"name": "FEDORA-2019-647f74ce51", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190828-0002/"}, {"name": "GLSA-202004-17", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202004-17"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14234", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of \"OR 1=1\" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://docs.djangoproject.com/en/dev/releases/security/", "refsource": "MISC", "url": "https://docs.djangoproject.com/en/dev/releases/security/"}, {"name": "https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs", "refsource": "MISC", "url": "https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs"}, {"name": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/", "refsource": "CONFIRM", "url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/"}, {"name": "20190812 [SECURITY] [DSA 4498-1] python-django security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/15"}, {"name": "DSA-4498", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4498"}, {"name": "openSUSE-SU-2019:1872", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"}, {"name": "FEDORA-2019-647f74ce51", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/"}, {"name": "https://security.netapp.com/advisory/ntap-20190828-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190828-0002/"}, {"name": "GLSA-202004-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202004-17"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:12:42.480Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.djangoproject.com/en/dev/releases/security/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/"}, {"name": "20190812 [SECURITY] [DSA 4498-1] python-django security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Aug/15"}, {"name": "DSA-4498", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4498"}, {"name": "openSUSE-SU-2019:1872", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"}, {"name": "FEDORA-2019-647f74ce51", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190828-0002/"}, {"name": "GLSA-202004-17", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202004-17"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14234", "datePublished": "2019-08-09T12:16:44", "dateReserved": "2019-07-22T00:00:00", "dateUpdated": "2024-08-05T00:12:42.480Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "matchCriteriaId": "F49BD116-09A6-454E-BB68-65FCDE06DF33", "versionEndExcluding": "1.11.23", "versionStartIncluding": "1.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D05096B-F60E-4DB2-AE59-EED55F945AB0", "versionEndExcluding": "2.1.11", "versionStartIncluding": "2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B4FBBCF-BF41-487F-A6DA-A3A12E42D28B", "versionEndExcluding": "2.2.4", "versionStartIncluding": "2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of \"OR 1=1\" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Django versiones 1.11.x anteriores a 1.11.23, versiones 2.1.x anteriores a 2.1.11 y versiones 2.2.x anteriores a 2.2.4. Debido a un error en la transformaci\u00f3n de clave superficial, las b\u00fasquedas de clave e \u00edndice para django.contrib.postgres.fields.JSONField, y las b\u00fasquedas de clave para django.contrib.postgres.fields.HStoreField, estaban sujetas a una inyecci\u00f3n SQL. Esto podr\u00eda, por ejemplo, ser explotado mediante el uso de un \"OR 1 = 1\" dise\u00f1ado en una clave o nombre de \u00edndice para devolver todos los registros, utilizando un diccionario cuidadosamente dise\u00f1ado, con expansi\u00f3n de diccionario, como los **kwargs pasados a la funci\u00f3n QuerySet.filter()."}], "id": "CVE-2019-14234", "lastModified": "2023-11-07T03:04:51.923", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-09T13:15:11.777", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://docs.djangoproject.com/en/dev/releases/security/"}, {"source": "cve@mitre.org", "url": "https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Aug/15"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202004-17"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20190828-0002/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4498"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.djangoproject.com/weblog/2019/aug/01/security-releases/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Django project for reporting this issue.", "affected_release": [{"advisory": "RHSA-2020:4390", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "python-django-0:1.11.27-1.el7ost", "product_name": "Red Hat OpenStack Platform 13.0 (Queens)", "release_date": "2020-10-28T00:00:00Z"}, {"advisory": "RHSA-2020:4390", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "python-django-0:1.11.27-1.el7ost", "product_name": "Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS", "release_date": "2020-10-28T00:00:00Z"}, {"advisory": "RHSA-2020:1324", "cpe": "cpe:/a:redhat:openstack:15::el8", "package": "python-django-0:2.1.11-1.el8ost", "product_name": "Red Hat OpenStack Platform 15.0 (Stein)", "release_date": "2020-04-06T00:00:00Z"}], "bugzilla": {"description": "Django: SQL injection possibility in key and index lookups for JSONField/HStoreField", "id": "1734417", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1734417"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-20", "details": ["An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of \"OR 1=1\" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function."], "name": "CVE-2019-14234", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:2", "fix_state": "Not affected", "package_name": "calamari-server", "product_name": "Red Hat Ceph Storage 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:2", "fix_state": "Affected", "package_name": "python-django", "product_name": "Red Hat Ceph Storage 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Affected", "package_name": "python-django", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/a:redhat:certifications:1::el7", "fix_state": "Affected", "impact": "low", "package_name": "python-django", "product_name": "Red Hat Certification for Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Will not fix", "package_name": "python-django", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:14", "fix_state": "Out of support scope", "package_name": "python-django", "product_name": "Red Hat OpenStack Platform 14 (Rocky)"}, {"cpe": "cpe:/a:redhat:openstack:9", "fix_state": "Will not fix", "package_name": "python-django", "product_name": "Red Hat OpenStack Platform 9 (Mitaka)"}, {"cpe": "cpe:/a:redhat:openstack-optools:9", "fix_state": "Will not fix", "package_name": "python-django", "product_name": "Red Hat OpenStack Platform 9 (Mitaka) Operational Tools"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "python-django", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "python-django", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:rhui:3", "fix_state": "Will not fix", "impact": "low", "package_name": "python-django", "product_name": "Red Hat Update Infrastructure 3 for Cloud Providers"}], "public_date": "2019-08-01T08:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-14234\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14234\nhttps://www.djangoproject.com/weblog/2019/aug/01/security-releases/"], "statement": "This issue affects the versions of python-django as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and 3, as it contains the vulnerable code.\nThis issue affects Red Hat Update Infrastructure for Cloud Providers, but the vulnerable functions in python-django are currently not used in any part of the Product.\nThis issue does not affect Red Hat Satellite as the vulnerable functions in python-django are not used.\nRed Hat OpenStack Platform:\n* This issue affects all versions of python-django shipped with Red Hat Openstack Platform versions 9-15, as it contains the vulnerable code. However, the version of python-django shipped with Red Hat Openstack Platform versions 9 & 10 do not contain the code for JSONFields. \n* Because the flaw's impact is Medium, it will not be fixed in Red Hat Openstack Platform 9 which is retiring on 8/24.", "threat_severity": "Moderate", "upstream_fix": "python-django 1.11.23, python-django 2.1.11, python-django 2.2.4"}