{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-28346", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T05:56:14.796Z", "dateReserved": "2022-04-02T00:00:00", "datePublished": "2022-04-12T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-04-28T00:00:00"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://groups.google.com/forum/#%21forum/django-announce"}, {"url": "https://docs.djangoproject.com/en/4.0/releases/security/"}, {"url": "http://www.openwall.com/lists/oss-security/2022/04/11/1"}, {"url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/"}, {"name": "[debian-lts-announce] 20220414 [SECURITY] [DLA 2982-1] python-django security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html"}, {"url": "https://security.netapp.com/advisory/ntap-20220609-0002/"}, {"name": "DSA-5254", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2022/dsa-5254"}, {"name": "FEDORA-2023-8fed428c5e", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/"}, {"name": "FEDORA-2023-a53ab7c969", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:56:14.796Z"}, "title": "CVE Program Container", "references": [{"url": "https://groups.google.com/forum/#%21forum/django-announce", "tags": ["x_transferred"]}, {"url": "https://docs.djangoproject.com/en/4.0/releases/security/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/04/11/1", "tags": ["x_transferred"]}, {"url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20220414 [SECURITY] [DLA 2982-1] python-django security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html"}, {"url": "https://security.netapp.com/advisory/ntap-20220609-0002/", "tags": ["x_transferred"]}, {"name": "DSA-5254", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5254"}, {"name": "FEDORA-2023-8fed428c5e", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/"}, {"name": "FEDORA-2023-a53ab7c969", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "matchCriteriaId": "A545BDF6-D358-44FB-8FF7-5D0166DC6B9B", "versionEndExcluding": "2.2.28", "versionStartIncluding": "2.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "matchCriteriaId": "7ED1BF93-9E2C-457C-9596-F946FE223BAD", "versionEndExcluding": "3.2.13", "versionStartIncluding": "3.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "matchCriteriaId": "36239F45-F5DF-4014-A2D0-F691D749C4CF", "versionEndExcluding": "4.0.4", "versionStartIncluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs."}, {"lang": "es", "value": "Se ha detectado un problema en Django versiones 2.2 anteriores a 2.2.28, 3.2 anteriores a 3.2.13 y 4.0 anteriores a 4.0.4. Los m\u00e9todos QuerySet.annotate(), aggregate() y extra() est\u00e1n sujetos a inyecci\u00f3n SQL en los alias de columna por medio de un diccionario dise\u00f1ado (con expansi\u00f3n de diccionario) como los **kwargs pasados"}], "id": "CVE-2022-28346", "lastModified": "2023-11-07T03:45:41.580", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-12T05:15:06.927", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/04/11/1"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://docs.djangoproject.com/en/4.0/releases/security/"}, {"source": "cve@mitre.org", "url": "https://groups.google.com/forum/#%21forum/django-announce"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220609-0002/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5254"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:5702", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.1::el8", "package": "automation-controller-0:4.1.2-2.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.1 for RHEL 8", "release_date": "2022-07-25T00:00:00Z"}, {"advisory": "RHSA-2022:5702", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.1::el8", "package": "python-django-0:3.2.13-1.el8pc", "product_name": "Red Hat Ansible Automation Platform 2.1 for RHEL 8", "release_date": "2022-07-25T00:00:00Z"}, {"advisory": "RHSA-2022:5703", "cpe": "cpe:/a:redhat:ansible_automation_platform:4.2::el7", "package": "python3-django-0:2.2.28-1.el7pc", "product_name": "Red Hat Automation Hub 4.2 for RHEL 7", "release_date": "2022-07-25T00:00:00Z"}, {"advisory": "RHSA-2022:5703", "cpe": "cpe:/a:redhat:ansible_automation_platform:4.2::el8", "package": "python3-django-0:2.2.28-1.el8pc", "product_name": "Red Hat Automation Hub 4.2 for RHEL 8", "release_date": "2022-07-25T00:00:00Z"}, {"advisory": "RHSA-2022:8872", "cpe": "cpe:/a:redhat:openstack:16.1::el8", "impact": "moderate", "package": "python-django20-0:2.0.13-18.el8ost", "product_name": "Red Hat OpenStack Platform 16.1", "release_date": "2022-12-07T00:00:00Z"}, {"advisory": "RHSA-2022:5115", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "impact": "moderate", "package": "python-django20-0:2.0.13-17.el8ost", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2022-06-22T00:00:00Z"}, {"advisory": "RHSA-2022:5498", "cpe": "cpe:/a:redhat:satellite:6.11::el8", "impact": "moderate", "package": "python-django-0:3.2.13-1.el8pc", "product_name": "Red Hat Satellite 6.11 for RHEL 8", "release_date": "2022-07-05T00:00:00Z"}, {"advisory": "RHSA-2022:5498", "cpe": "cpe:/a:redhat:satellite_capsule:6.11::el8", "impact": "moderate", "package": "python-django-0:3.2.13-1.el8pc", "product_name": "Red Hat Satellite 6.11 for RHEL 8", "release_date": "2022-07-05T00:00:00Z"}, {"advisory": "RHSA-2022:5602", "cpe": "cpe:/a:redhat:rhui:4::el8", "package": "python-django-0:3.2.13-2.el8ui", "product_name": "RHUI 4 for RHEL 8", "release_date": "2022-07-19T00:00:00Z"}, {"advisory": "RHSA-2022:5602", "cpe": "cpe:/a:redhat:rhui:4::el8", "package": "python-pulpcore-0:3.17.6-3.el8ui", "product_name": "RHUI 4 for RHEL 8", "release_date": "2022-07-19T00:00:00Z"}], "bugzilla": {"description": "Django: SQL injection in QuerySet.annotate(),aggregate() and extra()", "id": "2072447", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072447"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "status": "verified"}, "cwe": "CWE-89", "details": ["An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.", "A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely."], "name": "CVE-2022-28346", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Affected", "package_name": "graphite-web", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/a:redhat:discovery:1.0::el8", "fix_state": "Affected", "package_name": "discovery-server-container", "product_name": "Red Hat Discovery"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Affected", "impact": "moderate", "package_name": "python-django", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "impact": "moderate", "package_name": "python3-django", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "graphite-web", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:rhui:4::el8", "fix_state": "Affected", "package_name": "python-django-guardian", "product_name": "Red Hat Update Infrastructure 4 for Cloud Providers"}, {"cpe": "cpe:/a:redhat:rhui:4::el8", "fix_state": "Affected", "package_name": "python-drf-nested-routers", "product_name": "Red Hat Update Infrastructure 4 for Cloud Providers"}], "public_date": "2022-04-11T08:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-28346\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-28346\nhttps://www.djangoproject.com/weblog/2022/apr/11/security-releases/"], "statement": "Red Hat OpenStack does ship the affected version of Django, however, vulnerability is not exposed in the product as it does not make use of vulnerable code. We may update Django in a future release of OpenStack.", "threat_severity": "Important", "upstream_fix": "Django 4.0.4, Django 3.2.13, Django 2.2.28"}