First published: Tue Feb 04 2020(Updated: )
Simon Charette discovered that Django incorrectly handled input in the PostgreSQL module. A remote attacker could possibly use this to perform SQL injection attacks.
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/python-django | <1:1.11.22-1ubuntu1.2 | 1:1.11.22-1ubuntu1.2 |
=19.10 | ||
All of | ||
ubuntu/python3-django | <1:1.11.22-1ubuntu1.2 | 1:1.11.22-1ubuntu1.2 |
=19.10 | ||
All of | ||
ubuntu/python-django | <1:1.11.11-1ubuntu1.7 | 1:1.11.11-1ubuntu1.7 |
=18.04 | ||
All of | ||
ubuntu/python3-django | <1:1.11.11-1ubuntu1.7 | 1:1.11.11-1ubuntu1.7 |
=18.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Django vulnerability is CVE-2020-7471.
The severity of CVE-2020-7471 is not specified.
The Django vulnerability incorrectly handles input in the PostgreSQL module.
The affected versions of Python Django include 1.11.22-1ubuntu1.2 for Ubuntu 19.10 and 1.11.11-1ubuntu1.7 for Ubuntu 18.04.
To fix the Django vulnerability, update the Python Django package to versions 1.11.22-1ubuntu1.2 or 1.11.11-1ubuntu1.7 depending on your Ubuntu version.