VDB
GCVE-110-MAGEIA-2022-281
GCVE-110-MAGEIA-2022-281
Advisory Published
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6.
The Trunc() and Extract() database functions are subject to SQL injection
if untrusted data is used as a kind/lookup_name value. Applications that
constrain the lookup name and kind choice to a known safe list are
unaffected. (CVE-2022-34265)
An issue was discovered in the HTTP FileResponse class in Django 3.2
before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a
reflected file download (RFD) attack that sets the Content-Disposition
header of a FileResponse when the filename is derived from user-supplied
input. (CVE-2022-36359)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | python-django | 0 (affected), 3.2.15-1.mga8 (unaffected) | — |
Aliases
References
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.