Oval Definition:oval:org.opensuse.security:def:202228347
Revision Date:2022-06-30Version:1
Title:CVE-2022-28347
Description:

A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2022-28347
SUSE CVE-2022-28347
Platform(s):openSUSE Tumbleweed
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • Release Information
  • SUSE OpenStack Cloud 8 is installed
  • OR SUSE OpenStack Cloud Crowbar 8 is installed
  • AND python-Django is not affected
    • Definition Synopsis
  • Release Information
  • SUSE OpenStack Cloud 9 is installed
  • OR SUSE OpenStack Cloud Crowbar 9 is installed
  • AND python-Django1 is not affected
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • python310-Django-4.0.4-1.1 is installed
  • OR python38-Django-4.0.4-1.1 is installed
  • OR python39-Django-4.0.4-1.1 is installed
    • BACK