FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
5a45649a-4777-11ea-bdec-08002728f74cDjango -- potential SQL injection vulnerability

MITRE CVE reports:

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.


Discovery 2020-02-03
Entry 2020-02-04
py27-django111
py35-django111
py36-django111
py37-django111
py38-django111
< 1.11.28

py35-django22
py36-django22
py37-django22
py38-django22
< 2.2.10

py36-django30
py37-django30
py38-django30
< 3.0.3

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7471
https://docs.djangoproject.com/en/1.11/releases/1.11.28/
https://docs.djangoproject.com/en/2.2/releases/2.2.10/
https://docs.djangoproject.com/en/3.0/releases/3.0.3/
CVE-2020-7471