Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Thu, 02 Oct 2025 09:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Djangoproject
Djangoproject django |
|
Vendors & Products |
Djangoproject
Djangoproject django |
Wed, 01 Oct 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 01 Oct 2025 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB). | |
Weaknesses | CWE-89 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-10-01T19:12:14.952Z
Reserved: 2025-09-18T00:00:00.000Z
Link: CVE-2025-59681

Updated: 2025-10-01T19:12:07.902Z

Status : Received
Published: 2025-10-01T19:15:36.487
Modified: 2025-10-01T19:15:36.487
Link: CVE-2025-59681

No data.

Updated: 2025-10-02T08:45:52Z