Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Django Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2024-53908 - Vulnerability Database
Django

Django Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2024-53908

Critical
Reference: CVE-2024-53908
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-53908
Title: Django Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

An issue was discovered in Django 5.1 before 5.1.4 5.0 before 5.0.10 and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup when an Oracle database is used is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)