Vulnerability-Lookup

CVE-2020-7471 (GCVE-0-2020-7471)

Vulnerability from cvelistv5 – Published: 2020-02-03 11:59 – Updated: 2024-08-04 09:33

Summary

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

PYSEC-2020-35

Vulnerability from pysec - Published: 2020-02-03 12:15 - Updated: 2020-06-19 03:15

Details

Impacted products

Name	purl
django	pkg:pypi/django

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "django",
        "purl": "pkg:pypi/django"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "eb31d845323618d688ad429479c6dda973056136"
            }
          ],
          "repo": "https://github.com/django/django",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "1.11"
            },
            {
              "fixed": "1.11.28"
            },
            {
              "introduced": "2.2"
            },
            {
              "fixed": "2.2.10"
            },
            {
              "introduced": "3.0"
            },
            {
              "fixed": "3.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.11",
        "1.11.1",
        "1.11.2",
        "1.11.3",
        "1.11.4",
        "1.11.5",
        "1.11.6",
        "1.11.7",
        "1.11.8",
        "1.11.9",
        "1.11.10",
        "1.11.11",
        "1.11.12",
        "1.11.13",
        "1.11.14",
        "1.11.15",
        "1.11.16",
        "1.11.17",
        "1.11.18",
        "1.11.20",
        "1.11.21",
        "1.11.22",
        "1.11.23",
        "1.11.24",
        "1.11.25",
        "1.11.26",
        "1.11.27",
        "2.2",
        "2.2.1",
        "2.2.2",
        "2.2.3",
        "2.2.4",
        "2.2.5",
        "2.2.6",
        "2.2.7",
        "2.2.8",
        "2.2.9",
        "3.0",
        "3.0.1",
        "3.0.2"
      ]
    }
  ],
  "aliases": [
    "CVE-2020-7471",
    "GHSA-hmr4-m2h5-33qx"
  ],
  "details": "Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.",
  "id": "PYSEC-2020-35",
  "modified": "2020-06-19T03:15:00Z",
  "published": "2020-02-03T12:15:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2020/02/03/1"
    },
    {
      "type": "WEB",
      "url": "https://docs.djangoproject.com/en/3.0/releases/security/"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI"
    },
    {
      "type": "ARTICLE",
      "url": "https://www.djangoproject.com/weblog/2020/feb/03/security-releases/"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/02/03/1"
    },
    {
      "type": "FIX",
      "url": "https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4264-1/"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2020/Feb/30"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.debian.org/security/2020/dsa-4629"
    },
    {
      "type": "ADVISORY",
      "url": "https://security.netapp.com/advisory/ntap-20200221-0006/"
    },
    {
      "type": "ADVISORY",
      "url": "https://security.gentoo.org/glsa/202004-17"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-hmr4-m2h5-33qx"
    }
  ]
}

CNVD-2020-04524

Vulnerability from cnvd - Published: 2020-02-10

Title

Django SQL注入漏洞（CNVD-2020-04524）

Description

Django是Django基金会的一套基于Python语言的开源Web应用框架。该框架包括面向对象的映射器、视图系统、模板系统等。 Django 1.11.28之前的1.11版本、2.2.10之前的2.2版本和3.0.3之前的3.0版本中存在SQL注入漏洞。该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令。

Severity

高

Patch Name

Django SQL注入漏洞（CNVD-2020-04524）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://docs.djangoproject.com/en/3.0/releases/security/

Reference

http://www.openwall.com/lists/oss-security/2020/02/03/1 https://www.djangoproject.com/weblog/2020/feb/03/security-releases/

Impacted products

Name
['Django Django 1.11，<1.11.28', 'Django Django 2.2.10，<2.2', 'Django Django 3.0.3，<3.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-7471"
    }
  },
  "description": "Django\u662fDjango\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u57fa\u4e8ePython\u8bed\u8a00\u7684\u5f00\u6e90Web\u5e94\u7528\u6846\u67b6\u3002\u8be5\u6846\u67b6\u5305\u62ec\u9762\u5411\u5bf9\u8c61\u7684\u6620\u5c04\u5668\u3001\u89c6\u56fe\u7cfb\u7edf\u3001\u6a21\u677f\u7cfb\u7edf\u7b49\u3002\n\nDjango 1.11.28\u4e4b\u524d\u76841.11\u7248\u672c\u30012.2.10\u4e4b\u524d\u76842.2\u7248\u672c\u548c3.0.3\u4e4b\u524d\u76843.0\u7248\u672c\u4e2d\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u57fa\u4e8e\u6570\u636e\u5e93\u7684\u5e94\u7528\u7f3a\u5c11\u5bf9\u5916\u90e8\u8f93\u5165SQL\u8bed\u53e5\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5SQL\u547d\u4ee4\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://docs.djangoproject.com/en/3.0/releases/security/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-04524",
  "openTime": "2020-02-10",
  "patchDescription": "Django\u662fDjango\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u57fa\u4e8ePython\u8bed\u8a00\u7684\u5f00\u6e90Web\u5e94\u7528\u6846\u67b6\u3002\u8be5\u6846\u67b6\u5305\u62ec\u9762\u5411\u5bf9\u8c61\u7684\u6620\u5c04\u5668\u3001\u89c6\u56fe\u7cfb\u7edf\u3001\u6a21\u677f\u7cfb\u7edf\u7b49\u3002\r\n\r\nDjango 1.11.28\u4e4b\u524d\u76841.11\u7248\u672c\u30012.2.10\u4e4b\u524d\u76842.2\u7248\u672c\u548c3.0.3\u4e4b\u524d\u76843.0\u7248\u672c\u4e2d\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u57fa\u4e8e\u6570\u636e\u5e93\u7684\u5e94\u7528\u7f3a\u5c11\u5bf9\u5916\u90e8\u8f93\u5165SQL\u8bed\u53e5\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5SQL\u547d\u4ee4\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Django SQL\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2020-04524\uff09 \u7684\u8865\u4e01",
  "products": {
    "product": [
      "Django Django 1.11\uff0c\u003c1.11.28",
      "Django Django 2.2.10\uff0c\u003c2.2",
      "Django Django 3.0.3\uff0c\u003c3.0"
    ]
  },
  "referenceLink": "http://www.openwall.com/lists/oss-security/2020/02/03/1\r\nhttps://www.djangoproject.com/weblog/2020/feb/03/security-releases/",
  "serverity": "\u9ad8",
  "submitTime": "2020-02-06",
  "title": "Django SQL\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2020-04524\uff09"
}

CVE-2020-7471

Vulnerability from fstec - Published: 03.02.2020

Title

Уязвимость компонента contrib.postgres.aggregates.StringAgg программной платформы для веб-приложений Django, связанная с непринятием мер по защите структуры SQL-запроса, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Description

Уязвимость компонента contrib.postgres.aggregates.StringAgg программной платформы для веб-приложений Django связана с отсутствием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Django Software Foundation

Software Name

Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), Django

Software Version

9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), от 1.11 до 1.11.28 (Django), от 2.2 до 2.2.10 (Django), от 3.0 до 3.0.3 (Django)

Possible Mitigations

Для Django: Использование рекомендаций производителя: https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136 Для Debian: Использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2020-7471 Для Astra Linux: Использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81

Reference

https://docs.djangoproject.com/en/3.0/releases/security/ https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136 https://nvd.nist.gov/vuln/detail/CVE-2020-7471 https://security-tracker.debian.org/tracker/CVE-2020-7471 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16 https://www.djangoproject.com/weblog/2020/feb/03/security-releases/ https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81

CWE

CWE-89

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Django Software Foundation",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), \u043e\u0442 1.11 \u0434\u043e 1.11.28 (Django), \u043e\u0442 2.2 \u0434\u043e 2.2.10 (Django), \u043e\u0442 3.0 \u0434\u043e 3.0.3 (Django)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Django:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136\n\n\u0414\u043b\u044f Debian:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2020-7471\n\n\u0414\u043b\u044f Astra Linux:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.02.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "26.11.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "20.07.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-03743",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-7471",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Django",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 contrib.postgres.aggregates.StringAgg \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0434\u043b\u044f \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Django, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b SQL-\u0437\u0430\u043f\u0440\u043e\u0441\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0437\u0430\u043f\u0440\u043e\u0441\u0430 SQL (\u0430\u0442\u0430\u043a\u0438 \u0442\u0438\u043f\u0430 \\\"\u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435  SQL\\\") (CWE-89)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 contrib.postgres.aggregates.StringAgg \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0434\u043b\u044f \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Django \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://docs.djangoproject.com/en/3.0/releases/security/\nhttps://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-7471\nhttps://security-tracker.debian.org/tracker/CVE-2020-7471\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://www.djangoproject.com/weblog/2020/feb/03/security-releases/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-89",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

bit-django-2020-7471

Vulnerability from bitnami_vulndb

Published

2024-03-06 10:55

Modified

2025-04-03 14:40

Summary

Details

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "django",
        "purl": "pkg:bitnami/django"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.11.0"
            },
            {
              "fixed": "1.11.28"
            },
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.10"
            },
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.3"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-7471"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"
    ],
    "severity": "Critical"
  },
  "details": "Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.",
  "id": "BIT-django-2020-7471",
  "modified": "2025-04-03T14:40:37.652Z",
  "published": "2024-03-06T10:55:54.362Z",
  "references": [
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/02/03/1"
    },
    {
      "type": "WEB",
      "url": "https://docs.djangoproject.com/en/3.0/releases/security/"
    },
    {
      "type": "WEB",
      "url": "https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#%21topic/django-announce/X45S86X5bZI"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2020/Feb/30"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202004-17"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200221-0006/"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4264-1/"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4629"
    },
    {
      "type": "WEB",
      "url": "https://www.djangoproject.com/weblog/2020/feb/03/security-releases/"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2020/02/03/1"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7471"
    }
  ],
  "schema_version": "1.5.0"
}

FKIE_CVE-2020-7471

Vulnerability from fkie_nvd - Published: 2020-02-03 12:15 - Updated: 2024-11-21 05:37

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://www.openwall.com/lists/oss-security/2020/02/03/1	Mailing List, Third Party Advisory
cve@mitre.org	https://docs.djangoproject.com/en/3.0/releases/security/	Vendor Advisory
cve@mitre.org	https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136	Patch, Third Party Advisory
cve@mitre.org	https://groups.google.com/forum/#%21topic/django-announce/X45S86X5bZI
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
cve@mitre.org	https://seclists.org/bugtraq/2020/Feb/30
cve@mitre.org	https://security.gentoo.org/glsa/202004-17
cve@mitre.org	https://security.netapp.com/advisory/ntap-20200221-0006/
cve@mitre.org	https://usn.ubuntu.com/4264-1/
cve@mitre.org	https://www.debian.org/security/2020/dsa-4629
cve@mitre.org	https://www.djangoproject.com/weblog/2020/feb/03/security-releases/	Vendor Advisory
cve@mitre.org	https://www.openwall.com/lists/oss-security/2020/02/03/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2020/02/03/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.djangoproject.com/en/3.0/releases/security/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://groups.google.com/forum/#%21topic/django-announce/X45S86X5bZI
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2020/Feb/30
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202004-17
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200221-0006/
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4264-1/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4629
af854a3a-2127-422b-91ae-364da2661108	https://www.djangoproject.com/weblog/2020/feb/03/security-releases/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.openwall.com/lists/oss-security/2020/02/03/1	Mailing List, Third Party Advisory

Impacted products

Vendor	Product	Version
djangoproject	django	*
djangoproject	django	*
djangoproject	django	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "00FE8079-CAF7-494D-BC2A-0B964A883EA6",
              "versionEndExcluding": "1.11.28",
              "versionStartIncluding": "1.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4771CEA7-2ECE-4620-98E0-D5F1AA91889C",
              "versionEndExcluding": "2.2.10",
              "versionStartIncluding": "2.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC272D38-BBBC-4440-A120-C2D60CC42A12",
              "versionEndExcluding": "3.0.3",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL."
    },
    {
      "lang": "es",
      "value": "Django versiones 1.11 anteriores a 1.11.28, versiones 2.2 anteriores a 2.2.10 y versiones 3.0 anteriores a 3.0.3, permite una Inyecci\u00f3n SQL si se usan datos no confiables como un delimitador de StringAgg (por ejemplo, en aplicaciones Django que ofrecen descargas de datos como una serie de filas con un delimitador de columna especificado por el usuario). Al pasar un delimitador apropiadamente dise\u00f1ado a una instancia contrib.postgres.aggregates.StringAgg, fue posible romper el escape e inyectar SQL malicioso."
    }
  ],
  "id": "CVE-2020-7471",
  "lastModified": "2024-11-21T05:37:12.667",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-03T12:15:26.993",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/02/03/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://docs.djangoproject.com/en/3.0/releases/security/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://groups.google.com/forum/#%21topic/django-announce/X45S86X5bZI"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://seclists.org/bugtraq/2020/Feb/30"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202004-17"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.netapp.com/advisory/ntap-20200221-0006/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/4264-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.debian.org/security/2020/dsa-4629"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.djangoproject.com/weblog/2020/feb/03/security-releases/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2020/02/03/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/02/03/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://docs.djangoproject.com/en/3.0/releases/security/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://groups.google.com/forum/#%21topic/django-announce/X45S86X5bZI"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2020/Feb/30"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202004-17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20200221-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/4264-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2020/dsa-4629"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.djangoproject.com/weblog/2020/feb/03/security-releases/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2020/02/03/1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-HMR4-M2H5-33QX

Vulnerability from github – Published: 2020-02-11 21:03 – Updated: 2024-09-20 15:03

Summary

SQL injection in Django

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 (Critical)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Django"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.11.28"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Django"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0"
            },
            {
              "fixed": "2.2.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Django"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0"
            },
            {
              "fixed": "3.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-7471"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-02-05T15:07:21Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.",
  "id": "GHSA-hmr4-m2h5-33qx",
  "modified": "2024-09-20T15:03:11Z",
  "published": "2020-02-11T21:03:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7471"
    },
    {
      "type": "WEB",
      "url": "https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd"
    },
    {
      "type": "WEB",
      "url": "https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147"
    },
    {
      "type": "WEB",
      "url": "https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2020/02/03/1"
    },
    {
      "type": "WEB",
      "url": "https://www.djangoproject.com/weblog/2020/feb/03/security-releases"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4629"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4264-1"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200221-0006"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202004-17"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2020/Feb/30"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-35.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/django/django"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-hmr4-m2h5-33qx"
    },
    {
      "type": "WEB",
      "url": "https://docs.djangoproject.com/en/3.0/releases/security"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/02/03/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "SQL injection in Django"
}

GSD-2020-7471

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-7471

Aliases

CVE-2020-7471

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-7471",
    "description": "Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.",
    "id": "GSD-2020-7471",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-7471.html",
      "https://www.debian.org/security/2020/dsa-4629",
      "https://ubuntu.com/security/CVE-2020-7471",
      "https://security.archlinux.org/CVE-2020-7471"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-7471"
      ],
      "details": "Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.",
      "id": "GSD-2020-7471",
      "modified": "2023-12-13T01:21:51.980171Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-7471",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI",
            "refsource": "CONFIRM",
            "url": "https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI"
          },
          {
            "name": "https://docs.djangoproject.com/en/3.0/releases/security/",
            "refsource": "CONFIRM",
            "url": "https://docs.djangoproject.com/en/3.0/releases/security/"
          },
          {
            "name": "https://www.openwall.com/lists/oss-security/2020/02/03/1",
            "refsource": "CONFIRM",
            "url": "https://www.openwall.com/lists/oss-security/2020/02/03/1"
          },
          {
            "name": "https://www.djangoproject.com/weblog/2020/feb/03/security-releases/",
            "refsource": "CONFIRM",
            "url": "https://www.djangoproject.com/weblog/2020/feb/03/security-releases/"
          },
          {
            "name": "[oss-security] 20200203 Django 3.0.3, 2.2.10 and 1.11.28: CVE-2020-7471: Potential SQL injection via ``StringAgg(delimiter)``",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2020/02/03/1"
          },
          {
            "name": "https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136",
            "refsource": "CONFIRM",
            "url": "https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136"
          },
          {
            "name": "USN-4264-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4264-1/"
          },
          {
            "name": "20200219 [SECURITY] [DSA 4629-1] python-django security update",
            "refsource": "BUGTRAQ",
            "url": "https://seclists.org/bugtraq/2020/Feb/30"
          },
          {
            "name": "DSA-4629",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2020/dsa-4629"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20200221-0006/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20200221-0006/"
          },
          {
            "name": "GLSA-202004-17",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202004-17"
          },
          {
            "name": "FEDORA-2020-c2639662af",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=1.11,\u003c1.11.28||\u003e=2.2,\u003c2.2.10||\u003e=3.0,\u003c3.0.3",
          "affected_versions": "All versions starting from 1.11 before 1.11.28, all versions starting from 2.2 before 2.2.10, all versions starting from 3.0 before 3.0.3",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-89",
            "CWE-937"
          ],
          "date": "2020-06-19",
          "description": "Django allows SQL Injection if untrusted data is used as a delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a `contrib.postgres.aggregates.StringAgg` instance, it was possible to break escaping and inject malicious SQL.",
          "fixed_versions": [
            "1.11.28",
            "2.2.10",
            "3.0.3"
          ],
          "identifier": "CVE-2020-7471",
          "identifiers": [
            "CVE-2020-7471"
          ],
          "not_impacted": "All versions before 1.11, all versions starting from 1.11.28 before 2.2, all versions starting from 2.2.10 before 3.0, all versions starting from 3.0.3",
          "package_slug": "pypi/Django",
          "pubdate": "2020-02-03",
          "solution": "Upgrade to versions 1.11.28, 2.2.10, 3.0.3 or above.",
          "title": "SQL Injection",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-7471",
            "https://docs.djangoproject.com/en/3.0/releases/security/",
            "https://www.djangoproject.com/weblog/2020/feb/03/security-releases/"
          ],
          "uuid": "ea400310-29db-4c48-8236-42d462d1de1c"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.11.28",
                "versionStartIncluding": "1.11",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.2.10",
                "versionStartIncluding": "2.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.0.3",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-7471"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openwall.com/lists/oss-security/2020/02/03/1",
              "refsource": "CONFIRM",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2020/02/03/1"
            },
            {
              "name": "https://docs.djangoproject.com/en/3.0/releases/security/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://docs.djangoproject.com/en/3.0/releases/security/"
            },
            {
              "name": "https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI",
              "refsource": "CONFIRM",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI"
            },
            {
              "name": "https://www.djangoproject.com/weblog/2020/feb/03/security-releases/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.djangoproject.com/weblog/2020/feb/03/security-releases/"
            },
            {
              "name": "[oss-security] 20200203 Django 3.0.3, 2.2.10 and 1.11.28: CVE-2020-7471: Potential SQL injection via ``StringAgg(delimiter)``",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/02/03/1"
            },
            {
              "name": "https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136"
            },
            {
              "name": "USN-4264-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/4264-1/"
            },
            {
              "name": "20200219 [SECURITY] [DSA 4629-1] python-django security update",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "https://seclists.org/bugtraq/2020/Feb/30"
            },
            {
              "name": "DSA-4629",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "https://www.debian.org/security/2020/dsa-4629"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200221-0006/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://security.netapp.com/advisory/ntap-20200221-0006/"
            },
            {
              "name": "GLSA-202004-17",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/202004-17"
            },
            {
              "name": "FEDORA-2020-c2639662af",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-06-19T03:15Z",
      "publishedDate": "2020-02-03T12:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-7471 (GCVE-0-2020-7471)

PYSEC-2020-35

CNVD-2020-04524

CVE-2020-7471

bit-django-2020-7471

Vulnerability from bitnami_vulndb

FKIE_CVE-2020-7471

GHSA-HMR4-M2H5-33QX

GSD-2020-7471

Tags

Sightings

Nomenclature