First published: Wed Mar 04 2020
Norbert Szetei discovered that Django incorrectly handled the GIS functions and aggregates on Oracle. A remote attacker could possibly use this issue to perform an SQL injection attack.
Affected Software | Ubuntu Release | Affected Version | How to fix |
---|---|---|---|
ubuntu/python-django | 19.10 | <1:1.11.22-1ubuntu1.3 | 1:1.11.22-1ubuntu1.3 |
ubuntu/python3-django | 19.10 | <1:1.11.22-1ubuntu1.3 | 1:1.11.22-1ubuntu1.3 |
ubuntu/python-django | 18.04 | <1:1.11.11-1ubuntu1.8 | 1:1.11.11-1ubuntu1.8 |
ubuntu/python3-django | 18.04 | <1:1.11.11-1ubuntu1.8 | 1:1.11.11-1ubuntu1.8 |
ubuntu/python-django | 16.04 | <1.8.7-1ubuntu5.12 | 1.8.7-1ubuntu5.12 |
ubuntu/python3-django | 16.04 | <1.8.7-1ubuntu5.12 | 1.8.7-1ubuntu5.12 |
The vulnerability ID is USN-4296-1.
The severity of USN-4296-1 is not specified.
Django is affected by USN-4296-1 due to incorrect handling of GIS functions and aggregates on Oracle.
The potential impact of USN-4296-1 is that a remote attacker could possibly perform an SQL injection attack.
To fix USN-4296-1, update the affected Django package to the fixed version listed for your Ubuntu release in the table above (1:1.11.22-1ubuntu1.3 or later on Ubuntu 19.10).