Oval Definition:oval:org.opensuse.security:def:202228346
Revision Date:2022-06-30Version:1
Title:CVE-2022-28346
Description:

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2022-28346
SUSE CVE-2022-28346
Platform(s):openSUSE Tumbleweed
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • Release Information
  • SUSE OpenStack Cloud 8 is installed
  • OR SUSE OpenStack Cloud Crowbar 8 is installed
  • AND python-Django is affected
    • Definition Synopsis
  • Release Information
  • SUSE OpenStack Cloud 9 is installed
  • OR SUSE OpenStack Cloud Crowbar 9 is installed
  • AND python-Django1 is affected
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • python310-Django-4.0.4-1.1 is installed
  • OR python38-Django-4.0.4-1.1 is installed
  • OR python39-Django-4.0.4-1.1 is installed
    • BACK