CVE-2022-34265

Aliases:GHSA-p64x-8rxx-wf6qBIT-django-2022-34265PYSEC-2022-213
Advisory lineage Upstream: 0 Downstream: 14
Modified
Published: 04 Jul 2022, 00:00
Last modified:13 Feb 2025, 16:32

Vulnerability Summary

Overall Risk (default)
high
70/100
CVSS Score
9.8 CRITICAL
v3.1 (nvd)
EPSS Score
92.83% CRITICAL
93% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

04 Jul 2022, 00:00
Published
Vulnerability first disclosed
13 Feb 2025, 16:32
Last Modified
Vulnerability information updated

Description

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.

CVSS Metrics

  • v4.0CRITICALScore: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • v3.1CRITICALScore: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • v2.0HIGHScore: 7.5AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 92.83% Percentile: 100%

Techniques & Countermeasures

  • CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

    The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Affected Systems

  • djangoprojectdjango

    ≥ 3.2, < 3.2.14 | ≥ 4.0, < 4.0.6

  • PyPIdjango

    ≥ 3.2a1, < 3.2.14 | ≥ 4.0a1, < 4.0.6 | ≥ 4.0, < 4.0.6

References (21)