python3-django: Fix CVE-2024-42005 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2024-08-25 15:59:14 +0000
committer	Armin Kuster <akuster808@gmail.com>	2024-08-25 18:12:26 -0400
commit	376f3a1aba9f20e7f87005b939ec0ee5931705c1 (patch)
tree	c7bb20be96b8c600036f74c11e01840c353a6879 /meta-python/recipes-devtools/python/python3-flask-babel_2.0.0.bb
parent	b2ad711bcfd910afc0a97cb661a2ce05a530cb39 (diff)
download	meta-openembedded-376f3a1aba9f20e7f87005b939ec0ee5931705c1.tar.gz

python3-django: Fix CVE-2024-42005

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. References: https://nvd.nist.gov/vuln/detail/CVE-2024-42005 Upstream-patch: https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-flask-babel_2.0.0.bb')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: