Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allow SQL injection when untrusted data is used as the tolerance parameter of GIS functions and aggregates on the Oracle backend. The tolerance value was placed into the generated SQL without the escaping applied to the other parameters, so a suitably crafted tolerance could break out of the intended expression and inject arbitrary SQL. Only applications that run GeoDjango against Oracle and let request-controlled data reach the tolerance argument are exposed; upgrading to 1.11.29, 2.2.11 or 3.0.4 (or later) removes the issue, and until then the tolerance should be coerced to a numeric type before it is passed to any GIS function or aggregate.
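The bug class behind this advisory, as an added illustration that is not Django's GIS code: a hypothetical query builder that interpolates the tolerance into the SQL text (the vulnerable pattern) beside one that type-checks the tolerance and binds it as a driver parameter (the hardened pattern). sqlite3 with a precomputed `dist` column stands in for the Oracle spatial distance computation; the table, its rows and the `NUMERIC_TYPES` whitelist are constructed here for the example.

```python
"""
Illustration of the tolerance-parameter SQL injection class: a numeric-looking
argument rendered into SQL by string formatting instead of being bound.
Hypothetical stand-in code, not Django's GIS backend. sqlite3 with a
precomputed `dist` column plays the role of the Oracle spatial distance call.
"""
import sqlite3
from decimal import Decimal

# Numeric whitelist for the tolerance argument (constructed for this example).
NUMERIC_TYPES = (int, float, Decimal)


def make_db():
    """Constructed sample data: three rows, only one within 0.05 of the query point."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE places (id INTEGER PRIMARY KEY, name TEXT, dist REAL)")
    conn.executemany(
        "INSERT INTO places VALUES (?, ?, ?)",
        [(1, "near", 0.01), (2, "far", 2.5), (3, "farther", 40.0)],
    )
    conn.commit()
    return conn


def within_tolerance_vulnerable(conn, tolerance):
    """Vulnerable pattern: the tolerance is interpolated into the statement text.

    A crafted string such as "0.05 OR 1=1" becomes part of the SQL itself, so any
    escaping applied to the other parameters is bypassed entirely.
    """
    sql = "SELECT id FROM places WHERE dist <= %s ORDER BY id" % tolerance
    return [row[0] for row in conn.execute(sql)]


def within_tolerance_hardened(conn, tolerance):
    """Hardened pattern: reject anything that is not a plain number, then bind it.

    Two independent layers: the type check stops a string from ever reaching the
    SQL builder, and the `?` placeholder makes the driver send the value out of
    band instead of splicing it into the statement.
    """
    if isinstance(tolerance, bool) or not isinstance(tolerance, NUMERIC_TYPES):
        raise TypeError("tolerance must be int, float or Decimal, got %r" % (tolerance,))
    sql = "SELECT id FROM places WHERE dist <= ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (float(tolerance),))]


def rejects_tolerance(conn, tolerance):
    """True if the hardened query refuses the given tolerance value."""
    try:
        within_tolerance_hardened(conn, tolerance)
    except TypeError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("legit 0.05, vulnerable:", within_tolerance_vulnerable(db, 0.05))
    print("crafted, vulnerable   :", within_tolerance_vulnerable(db, "0.05 OR 1=1"))
    print("legit 0.05, hardened  :", within_tolerance_hardened(db, 0.05))
    print("crafted, hardened     :", rejects_tolerance(db, "0.05 OR 1=1"))
```

Running it shows the crafted tolerance turning a one-row result into the whole table under the vulnerable builder, while the hardened builder refuses the same input before any SQL is assembled. The type check alone is the cheap pre-upgrade mitigation from the advisory text; parameter binding is what makes the query safe even if a numeric value is later formatted oddly by the driver.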
Vulnerable Product | Vendor | Version
---|---|---
django | djangoproject | 1.11 before 1.11.29, 2.2 before 2.2.11, 3.0 before 3.0.4
debian linux | debian | 9.0
debian linux | debian | 10.0
fedora | fedoraproject | 31
fedora | fedoraproject | 32
steelstore cloud integrated storage | netapp | -
ubuntu linux | canonical | 16.04
ubuntu linux | canonical | 18.04
ubuntu linux | canonical | 19.10