{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-28347", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T05:56:14.933Z", "dateReserved": "2022-04-02T00:00:00", "datePublished": "2022-04-12T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-04-28T00:00:00"}, "descriptions": [{"lang": "en", "value": "A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://groups.google.com/forum/#%21forum/django-announce"}, {"url": "https://docs.djangoproject.com/en/4.0/releases/security/"}, {"url": "http://www.openwall.com/lists/oss-security/2022/04/11/1"}, {"url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/"}, {"name": "DSA-5254", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2022/dsa-5254"}, {"name": "FEDORA-2023-8fed428c5e", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/"}, {"name": "FEDORA-2023-a53ab7c969", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:56:14.933Z"}, "title": "CVE Program Container", "references": [{"url": "https://groups.google.com/forum/#%21forum/django-announce", "tags": ["x_transferred"]}, {"url": "https://docs.djangoproject.com/en/4.0/releases/security/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/04/11/1", "tags": ["x_transferred"]}, {"url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/", "tags": ["x_transferred"]}, {"name": "DSA-5254", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5254"}, {"name": "FEDORA-2023-8fed428c5e", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/"}, {"name": "FEDORA-2023-a53ab7c969", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "matchCriteriaId": "A545BDF6-D358-44FB-8FF7-5D0166DC6B9B", "versionEndExcluding": "2.2.28", "versionStartIncluding": "2.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "matchCriteriaId": "7ED1BF93-9E2C-457C-9596-F946FE223BAD", "versionEndExcluding": "3.2.13", "versionStartIncluding": "3.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "matchCriteriaId": "36239F45-F5DF-4014-A2D0-F691D749C4CF", "versionEndExcluding": "4.0.4", "versionStartIncluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name."}, {"lang": "es", "value": "Se ha detectado un problema de inyecci\u00f3n SQL en la funci\u00f3n QuerySet.explain() en Django versiones 2.2 anteriores a 2.2.28, 3.2 anteriores a 3.2.13 y 4.0 anteriores a 4.0.4. Esto ocurre al pasar un diccionario dise\u00f1ado (con expansi\u00f3n de diccionario) como el argumento **options, y colocar una carga \u00fatil de inyecci\u00f3n en un nombre de opci\u00f3n"}], "id": "CVE-2022-28347", "lastModified": "2023-11-07T03:45:41.657", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-12T05:15:07.357", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/04/11/1"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://docs.djangoproject.com/en/4.0/releases/security/"}, {"source": "cve@mitre.org", "url": "https://groups.google.com/forum/#%21forum/django-announce"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5254"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:5702", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.1::el8", "package": "automation-controller-0:4.1.2-2.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.1 for RHEL 8", "release_date": "2022-07-25T00:00:00Z"}, {"advisory": "RHSA-2022:5702", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.1::el8", "package": "python-django-0:3.2.13-1.el8pc", "product_name": "Red Hat Ansible Automation Platform 2.1 for RHEL 8", "release_date": "2022-07-25T00:00:00Z"}, {"advisory": "RHSA-2022:5703", "cpe": "cpe:/a:redhat:ansible_automation_platform:4.2::el7", "package": "python3-django-0:2.2.28-1.el7pc", "product_name": "Red Hat Automation Hub 4.2 for RHEL 7", "release_date": "2022-07-25T00:00:00Z"}, {"advisory": "RHSA-2022:5703", "cpe": "cpe:/a:redhat:ansible_automation_platform:4.2::el8", "package": "python3-django-0:2.2.28-1.el8pc", "product_name": "Red Hat Automation Hub 4.2 for RHEL 8", "release_date": "2022-07-25T00:00:00Z"}, {"advisory": "RHSA-2022:5498", "cpe": "cpe:/a:redhat:satellite:6.11::el8", "package": "python-django-0:3.2.13-1.el8pc", "product_name": "Red Hat Satellite 6.11 for RHEL 8", "release_date": "2022-07-05T00:00:00Z"}, {"advisory": "RHSA-2022:5498", "cpe": "cpe:/a:redhat:satellite_capsule:6.11::el8", "package": "python-django-0:3.2.13-1.el8pc", "product_name": "Red Hat Satellite 6.11 for RHEL 8", "release_date": "2022-07-05T00:00:00Z"}, {"advisory": "RHSA-2022:5602", "cpe": "cpe:/a:redhat:rhui:4::el8", "package": "python-django-0:3.2.13-2.el8ui", "product_name": "RHUI 4 for RHEL 8", "release_date": "2022-07-19T00:00:00Z"}, {"advisory": "RHSA-2022:5602", "cpe": "cpe:/a:redhat:rhui:4::el8", "package": "python-pulpcore-0:3.17.6-3.el8ui", "product_name": "RHUI 4 for RHEL 8", "release_date": "2022-07-19T00:00:00Z"}], "bugzilla": {"description": "Django: SQL injection via QuerySet.explain(options) on PostgreSQL", "id": "2072459", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072459"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "status": "verified"}, "cwe": "CWE-89", "details": ["A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.", "A flaw was found in the Django package, leading to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely."], "name": "CVE-2022-28347", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Affected", "package_name": "graphite-web", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/a:redhat:discovery:1.0::el8", "fix_state": "Affected", "package_name": "discovery-server-container", "product_name": "Red Hat Discovery"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Affected", "impact": "moderate", "package_name": "python-django", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:16.1", "fix_state": "Affected", "impact": "moderate", "package_name": "python-django", "product_name": "Red Hat OpenStack Platform 16.1"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Affected", "impact": "moderate", "package_name": "python-django", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "impact": "moderate", "package_name": "python3-django", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "graphite-web", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:rhui:4::el8", "fix_state": "Affected", "package_name": "python-django-guardian", "product_name": "Red Hat Update Infrastructure 4 for Cloud Providers"}, {"cpe": "cpe:/a:redhat:rhui:4::el8", "fix_state": "Affected", "package_name": "python-drf-nested-routers", "product_name": "Red Hat Update Infrastructure 4 for Cloud Providers"}], "public_date": "2022-04-11T08:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-28347\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-28347\nhttps://www.djangoproject.com/weblog/2022/apr/11/security-releases/"], "statement": "Red Hat OpenStack does ship the affected version of Django. However, the product is not vulnerable since it does not implement the vulnerable method QuerySet.explain() introduced in Django 2.1.x onward.", "threat_severity": "Important", "upstream_fix": "Django 4.0.4, Django 3.2.13, Django 2.2.28"}