Oval Definition:oval:org.opensuse.security:def:201914234
Revision Date:2022-05-22
Version:1
Title:CVE-2019-14234
Description:

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.
Family:unix
Class:vulnerability
Status:
Reference(s):CVE-2019-14234
SUSE-SU-2019:2180-1
SUSE-SU-2019:2257-1
SUSE-SU-2019:2335-1
openSUSE-SU-2019:1839-1
openSUSE-SU-2019:1872-1
Mitre CVE-2019-14234
SUSE CVE-2019-14234
Platform(s):openSUSE Leap 15.1
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Server 4.0
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
SUSE Package Hub for SUSE Linux Enterprise 15 SP1
Product(s):
Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND python-Django-1.8.19-3.15.1 is installed
Definition Synopsis
  • Release Information
    • SUSE OpenStack Cloud 8 is installed
    • OR SUSE OpenStack Cloud Crowbar 8 is installed
  • AND python-Django-1.11.23-3.12.1 is installed
Definition Synopsis
  • Release Information
    • SUSE OpenStack Cloud 9 is installed
    • OR SUSE OpenStack Cloud Crowbar 9 is installed
  • AND python-Django1-1.11.23-3.9.1 is installed
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
    • python3-Django-2.2.4-lp151.2.3.1 is installed
    • AND python3-Django is signed with openSUSE key
Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 15 SP1 is installed
  • AND python3-Django-2.2.4-bp151.3.3.1 is installed