cve-2020-7471
Vulnerability from cvelistv5
Published
2020-02-03 11:59
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:33:19.635Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://groups.google.com/forum/#%21topic/django-announce/X45S86X5bZI" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://docs.djangoproject.com/en/3.0/releases/security/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2020/02/03/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.djangoproject.com/weblog/2020/feb/03/security-releases/" }, { "name": "[oss-security] 20200203 Django 3.0.3, 2.2.10 and 1.11.28: CVE-2020-7471: Potential SQL injection via ``StringAgg(delimiter)``", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/02/03/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136" }, { "name": "USN-4264-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4264-1/" }, { "name": "20200219 [SECURITY] [DSA 4629-1] python-django security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2020/Feb/30" }, { "name": "DSA-4629", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4629" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200221-0006/" }, { "name": "GLSA-202004-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202004-17" }, { "name": "FEDORA-2020-c2639662af", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-19T02:06:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://groups.google.com/forum/#%21topic/django-announce/X45S86X5bZI" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://docs.djangoproject.com/en/3.0/releases/security/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.openwall.com/lists/oss-security/2020/02/03/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.djangoproject.com/weblog/2020/feb/03/security-releases/" }, { "name": "[oss-security] 20200203 Django 3.0.3, 2.2.10 and 1.11.28: CVE-2020-7471: Potential SQL injection via ``StringAgg(delimiter)``", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2020/02/03/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136" }, { "name": "USN-4264-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4264-1/" }, { "name": "20200219 [SECURITY] [DSA 4629-1] python-django security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2020/Feb/30" }, { "name": "DSA-4629", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4629" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200221-0006/" }, { "name": "GLSA-202004-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202004-17" }, { "name": "FEDORA-2020-c2639662af", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-7471", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI", "refsource": "CONFIRM", "url": "https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI" }, { "name": "https://docs.djangoproject.com/en/3.0/releases/security/", "refsource": "CONFIRM", "url": "https://docs.djangoproject.com/en/3.0/releases/security/" }, { "name": "https://www.openwall.com/lists/oss-security/2020/02/03/1", "refsource": "CONFIRM", "url": "https://www.openwall.com/lists/oss-security/2020/02/03/1" }, { "name": "https://www.djangoproject.com/weblog/2020/feb/03/security-releases/", "refsource": "CONFIRM", "url": "https://www.djangoproject.com/weblog/2020/feb/03/security-releases/" }, { "name": "[oss-security] 20200203 Django 3.0.3, 2.2.10 and 1.11.28: CVE-2020-7471: Potential SQL injection via ``StringAgg(delimiter)``", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/02/03/1" }, { "name": "https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136", "refsource": "CONFIRM", "url": "https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136" }, { "name": "USN-4264-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4264-1/" }, { "name": "20200219 [SECURITY] [DSA 4629-1] python-django security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Feb/30" }, { "name": "DSA-4629", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4629" }, { "name": "https://security.netapp.com/advisory/ntap-20200221-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200221-0006/" }, { "name": "GLSA-202004-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202004-17" }, { "name": "FEDORA-2020-c2639662af", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-7471", "datePublished": "2020-02-03T11:59:20", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-08-04T09:33:19.635Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-7471\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-02-03T12:15:26.993\",\"lastModified\":\"2024-11-21T05:37:12.667\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.\"},{\"lang\":\"es\",\"value\":\"Django versiones 1.11 anteriores a 1.11.28, versiones 2.2 anteriores a 2.2.10 y versiones 3.0 anteriores a 3.0.3, permite una Inyecci\u00f3n SQL si se usan datos no confiables como un delimitador de StringAgg (por ejemplo, en aplicaciones Django que ofrecen descargas de datos como una serie de filas con un delimitador de columna especificado por el usuario). Al pasar un delimitador apropiadamente dise\u00f1ado a una instancia contrib.postgres.aggregates.StringAgg, fue posible romper el escape e inyectar SQL malicioso.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.11\",\"versionEndExcluding\":\"1.11.28\",\"matchCriteriaId\":\"00FE8079-CAF7-494D-BC2A-0B964A883EA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.2\",\"versionEndExcluding\":\"2.2.10\",\"matchCriteriaId\":\"4771CEA7-2ECE-4620-98E0-D5F1AA91889C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0\",\"versionEndExcluding\":\"3.0.3\",\"matchCriteriaId\":\"BC272D38-BBBC-4440-A120-C2D60CC42A12\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2020/02/03/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://docs.djangoproject.com/en/3.0/releases/security/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/forum/#%21topic/django-announce/X45S86X5bZI\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://seclists.org/bugtraq/2020/Feb/30\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202004-17\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20200221-0006/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4264-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2020/dsa-4629\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.djangoproject.com/weblog/2020/feb/03/security-releases/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2020/02/03/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2020/02/03/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://docs.djangoproject.com/en/3.0/releases/security/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/forum/#%21topic/django-announce/X45S86X5bZI\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2020/Feb/30\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202004-17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20200221-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4264-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2020/dsa-4629\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.djangoproject.com/weblog/2020/feb/03/security-releases/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2020/02/03/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.