CVE-2022-34265: SQL Injection in Django
(updated )
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc()
and Extract()
database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name
value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.
References
Detect and mitigate CVE-2022-34265 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →