WID-SEC-W-2022-0439 — Vulnetix

WID-SEC-W-2022-0439 PUBLISHED CVSS 8.699999809265137 HIGH

Red Hat OpenStack ist eine Sammlung von Diensten, um Cloud-Computing in Form von Infrastructure as a Service (IaaS) bereitstellen zu können.

Risk Scores

CVSS 4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
	Red Hat Enterprise Linux
	SUSE Linux
	Debian Linux
	Red Hat OpenStack < 16.2.3

Exploit Intelligence

A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely. (github-poc-repo)
A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely. (github-poc)
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. (github-poc)
Django QuerySet.annotate(), aggregate(), extra() SQL 注入 (github-poc)
SQL injection in QuerySet.annotate(), aggregate(), and extra() (github-poc)
https://access.redhat.com/errata/RHSA-2022:5114 (circl)
https://access.redhat.com/errata/RHSA-2022:5116 (circl)
https://access.redhat.com/errata/RHSA-2022:5498 (circl)
https://access.redhat.com/errata/RHSA-2022:5602 (circl)
https://lists.suse.com/pipermail/sle-security-updates/2022-September/012331.html (circl)

…and 7 more exploits

Timeline

Jun 22, 2022 CVE Published
Dec 7, 2022 CVE Updated
Apr 3, 2026 Distribution Patch
Apr 3, 2026 Distribution Patch
Apr 3, 2026 Distribution Patch
Apr 3, 2026 Distribution Patch
Apr 3, 2026 Distribution Patch
Apr 3, 2026 Distribution Patch
Apr 3, 2026 Distribution Patch

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›