Vulnerability CVE-2019-14234
Published: 2019-08-09

Description:
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.

Type:

CWE-89

 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Fedoraproject -> Fedora 
Djangoproject -> Django 
Debian -> Debian linux 

 References:
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
https://docs.djangoproject.com/en/dev/releases/security/
https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
https://seclists.org/bugtraq/2019/Aug/15
https://security.netapp.com/advisory/ntap-20190828-0002/
https://www.debian.org/security/2019/dsa-4498
https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
Copyright 2024, cxsecurity.com

 

Back to Top