Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Django Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2024-42005 - Vulnerability Database
Django

Django Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2024-42005

Critical
Reference: CVE-2024-42005
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-42005
Title: Django Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed arg.