[2.2.x] Added CVE-2022-28346 and CVE-2022-28347 to security archive.
Backport of 78eeff8d33
from main
This commit is contained in:
parent
d3731c9431
commit
2a62cdcfec
|
@ -1311,3 +1311,25 @@ Versions affected
|
|||
* Django 4.0 :commit:`(patch) <f9c7d48fdd6f198a6494a9202f90242f176e4fc9>`
|
||||
* Django 3.2 :commit:`(patch) <d16133568ef9c9b42cb7a08bdf9ff3feec2e5468>`
|
||||
* Django 2.2 :commit:`(patch) <c477b761804984c932704554ad35f78a2e230c6a>`
|
||||
|
||||
April 11, 2022 - :cve:`2022-28346`
|
||||
----------------------------------
|
||||
|
||||
Potential SQL injection in ``QuerySet.annotate()``, ``aggregate()``, and
|
||||
``extra()``. `Full description
|
||||
<https://www.djangoproject.com/weblog/2022/apr/11/security-releases/>`__
|
||||
|
||||
* Django 4.0 :commit:`(patch) <800828887a0509ad1162d6d407e94d8de7eafc60>`
|
||||
* Django 3.2 :commit:`(patch) <2044dac5c6968441be6f534c4139bcf48c5c7e48>`
|
||||
* Django 2.2 :commit:`(patch) <2c09e68ec911919360d5f8502cefc312f9e03c5d>`
|
||||
|
||||
April 11, 2022 - :cve:`2022-28347`
|
||||
----------------------------------
|
||||
|
||||
Potential SQL injection via ``QuerySet.explain(**options)`` on PostgreSQL.
|
||||
`Full description
|
||||
<https://www.djangoproject.com/weblog/2022/apr/11/security-releases/>`__
|
||||
|
||||
* Django 4.0 :commit:`(patch) <00b0fc50e1738c7174c495464a5ef069408a4402>`
|
||||
* Django 3.2 :commit:`(patch) <9e19accb6e0a00ba77d5a95a91675bf18877c72d>`
|
||||
* Django 2.2 :commit:`(patch) <29a6c98b4c13af82064f993f0acc6e8fafa4d3f5>`
|
||||
|
|
Loading…
Reference in New Issue