CVE-2024-42005 | Django up to 4.2.14/5.0.7 QuerySet.values/values_list sql injection

Inserito da Angelo Barbosa | Ago 7, 2024 | CVE

A vulnerability, which was classified as critical, was found in Django up to 4.2.14/5.0.7. This affects the function QuerySet.values/values_list. The manipulation leads to sql injection.

This vulnerability is uniquely identified as CVE-2024-42005. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-42005 | Django up to 4.2.14/5.0.7 QuerySet.values/values_list sql injection

Post correlati

CVE-2023-46841 | Xen Shadow Stack stack-based overflow

CVE-2024-26928 | Linux Kernel up to 6.1.84/6.6.25/6.8.4/6.9-rc2 smb cifs_debug_files_proc_show use after free

CVE-2024-3520 | Country State City Dropdown CF7 Plugin up to 2.7.1 on WordPress authorization

CVE-2024-7455 | itsourcecode Tailoring Management System 1.0 partedit.php id sql injection