Fluid Attacks Database

Description

sql injection

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	python-django	>=0 <2:2.2.10-1	2:2.2.10-1
pypi	django	>=0 <1.11.28 \|\| >=2.0 <2.2.10 \|\| >=3.0 <3.0.3	1.11.28, 2.2.10, 3.0.3
alpine v3.10	py-django	=1.10.5-r0 \|\| =1.10.7-r0 \|\| =1.11-r0 \|\| =1.11-r1 \|\| =1.11.10-r0 \|\| =1.11.11-r0 \|\| =1.11.12-r0 \|\| =1.11.13-r0 \|\| =1.11.15-r0 \|\| =1.11.18-r0 \|\| =1.11.20-r0 \|\| =1.11.20-r1 \|\| =1.11.21-r0 \|\| =1.11.22-r0 \|\| =1.11.23-r0 \|\| =1.11.27-r0 \|\| =1.11.5-r0 \|\| =1.11.9-r0 \|\| =1.2.5-r0 \|\| =1.2.5-r1 \|\| =1.4.1-r0 \|\| =1.5-r0 \|\| =1.5.1-r0 \|\| =1.5.5-r0 \|\| =1.5.6-r0 \|\| =1.5.7-r0 \|\| =1.5.8-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.7-r0 \|\| =1.8-r0 \|\| =1.8.10-r0 \|\| =1.8.12-r0 \|\| =1.8.14-r0 \|\| =1.8.15-r0 \|\| =1.8.16-r0 \|\| =1.8.3-r0 \|\| =1.8.4-r0 \|\| =1.8.6-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| >=0 <1.11.28-r0	1.11.28-r0
alpine v3.8	py-django	=1.10.5-r0 \|\| =1.10.7-r0 \|\| =1.11-r0 \|\| =1.11-r1 \|\| =1.11.10-r0 \|\| =1.11.11-r0 \|\| =1.11.12-r0 \|\| =1.11.13-r0 \|\| =1.11.15-r0 \|\| =1.11.18-r0 \|\| =1.11.20-r0 \|\| =1.11.21-r0 \|\| =1.11.22-r0 \|\| =1.11.23-r0 \|\| =1.11.27-r0 \|\| =1.11.5-r0 \|\| =1.11.9-r0 \|\| =1.2.5-r0 \|\| =1.2.5-r1 \|\| =1.4.1-r0 \|\| =1.5-r0 \|\| =1.5.1-r0 \|\| =1.5.5-r0 \|\| =1.5.6-r0 \|\| =1.5.7-r0 \|\| =1.5.8-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.7-r0 \|\| =1.8-r0 \|\| =1.8.10-r0 \|\| =1.8.12-r0 \|\| =1.8.14-r0 \|\| =1.8.15-r0 \|\| =1.8.16-r0 \|\| =1.8.3-r0 \|\| =1.8.4-r0 \|\| =1.8.6-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| >=0 <1.11.28-r0	1.11.28-r0
alpine v3.9	py-django	=1.10.5-r0 \|\| =1.10.7-r0 \|\| =1.11-r0 \|\| =1.11-r1 \|\| =1.11.10-r0 \|\| =1.11.11-r0 \|\| =1.11.12-r0 \|\| =1.11.13-r0 \|\| =1.11.15-r0 \|\| =1.11.18-r0 \|\| =1.11.20-r0 \|\| =1.11.21-r0 \|\| =1.11.22-r0 \|\| =1.11.23-r0 \|\| =1.11.27-r0 \|\| =1.11.5-r0 \|\| =1.11.9-r0 \|\| =1.2.5-r0 \|\| =1.2.5-r1 \|\| =1.4.1-r0 \|\| =1.5-r0 \|\| =1.5.1-r0 \|\| =1.5.5-r0 \|\| =1.5.6-r0 \|\| =1.5.7-r0 \|\| =1.5.8-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.7-r0 \|\| =1.8-r0 \|\| =1.8.10-r0 \|\| =1.8.12-r0 \|\| =1.8.14-r0 \|\| =1.8.15-r0 \|\| =1.8.16-r0 \|\| =1.8.3-r0 \|\| =1.8.4-r0 \|\| =1.8.6-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| >=0 <1.11.28-r0	1.11.28-r0
alpine v3.11	py3-django	=1.10.5-r0 \|\| =1.10.7-r0 \|\| =1.11-r0 \|\| =1.11-r1 \|\| =1.11.10-r0 \|\| =1.11.11-r0 \|\| =1.11.12-r0 \|\| =1.11.13-r0 \|\| =1.11.15-r0 \|\| =1.11.18-r0 \|\| =1.11.20-r0 \|\| =1.11.20-r1 \|\| =1.11.21-r0 \|\| =1.11.22-r0 \|\| =1.11.23-r0 \|\| =1.11.23-r1 \|\| =1.11.23-r2 \|\| =1.11.27-r0 \|\| =1.11.5-r0 \|\| =1.11.9-r0 \|\| =1.2.5-r0 \|\| =1.2.5-r1 \|\| =1.4.1-r0 \|\| =1.5-r0 \|\| =1.5.1-r0 \|\| =1.5.5-r0 \|\| =1.5.6-r0 \|\| =1.5.7-r0 \|\| =1.5.8-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.7-r0 \|\| =1.8-r0 \|\| =1.8.10-r0 \|\| =1.8.12-r0 \|\| =1.8.14-r0 \|\| =1.8.15-r0 \|\| =1.8.16-r0 \|\| =1.8.3-r0 \|\| =1.8.4-r0 \|\| =1.8.6-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| >=0 <1.11.28-r0	1.11.28-r0
alpine v3.12	py3-django	=1.10.5-r0 \|\| =1.10.7-r0 \|\| =1.11-r0 \|\| =1.11-r1 \|\| =1.11.10-r0 \|\| =1.11.11-r0 \|\| =1.11.12-r0 \|\| =1.11.13-r0 \|\| =1.11.15-r0 \|\| =1.11.18-r0 \|\| =1.11.20-r0 \|\| =1.11.20-r1 \|\| =1.11.21-r0 \|\| =1.11.22-r0 \|\| =1.11.23-r0 \|\| =1.11.23-r1 \|\| =1.11.23-r2 \|\| =1.11.27-r0 \|\| =1.11.5-r0 \|\| =1.11.9-r0 \|\| =1.2.5-r0 \|\| =1.2.5-r1 \|\| =1.4.1-r0 \|\| =1.5-r0 \|\| =1.5.1-r0 \|\| =1.5.5-r0 \|\| =1.5.6-r0 \|\| =1.5.7-r0 \|\| =1.5.8-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.7-r0 \|\| =1.8-r0 \|\| =1.8.10-r0 \|\| =1.8.12-r0 \|\| =1.8.14-r0 \|\| =1.8.15-r0 \|\| =1.8.16-r0 \|\| =1.8.3-r0 \|\| =1.8.4-r0 \|\| =1.8.6-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| >=0 <1.11.28-r0	1.11.28-r0
debian 12	python-django	>=0 <2:2.2.10-1	2:2.2.10-1
debian 13	python-django	>=0 <2:2.2.10-1	2:2.2.10-1
debian 11	python-django	>=0 <2:2.2.10-1	2:2.2.10-1

1-10 of 11

Aliases

1. CVE-2020-74712. NVD-2020-74713. OSV-DEBIAN-2020-74714. OSV-2020-74715. OSV-ALPINE-2020-74716. GHSA-hmr4-m2h5-33qx7. GCVE-2020-74718. SECURITY-TRACKER-CVE-2020-74719. security.gentoo.org10. SECURITY-CVE-2020-7471

References

1. https://github.com/Saferman/CVE-2020-74712. https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd3. https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b4. https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d81475. https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda9730561366. https://www.openwall.com/lists/oss-security/2020/02/03/17. https://www.djangoproject.com/weblog/2020/feb/03/security-releases8. https://www.debian.org/security/2020/dsa-46299. https://usn.ubuntu.com/4264-110. https://security.netapp.com/advisory/ntap-20200221-000611. https://seclists.org/bugtraq/2020/Feb/3012. https://lists.fedoraproject.org/archives/list/[email protected]/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ13. https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI14. https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-35.yaml15. https://docs.djangoproject.com/en/3.0/releases/security16. http://www.openwall.com/lists/oss-security/2020/02/03/1

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.