summaryrefslogtreecommitdiffstats
path: root/meta-python/recipes-devtools/python/python3-django/CVE-2024-42005.patch
Commit message (Collapse)AuthorAgeFilesLines
* python3-django: Fix CVE-2024-42005Soumya Sambu2024-08-251-0/+84
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. References: https://nvd.nist.gov/vuln/detail/CVE-2024-42005 Upstream-patch: https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-02-13 21:02:37 +0000