CVE-2020-7471: Django SQL injection vulnerability alert

News 2020-02-16 16:36:51 views: null

Recently, Django released a security bulletin, the bulletin announced a potential SQL injection vulnerability (CVE-2020-7471), has been the vulnerability be exploited by StringAgg (separator).

An attacker may be passed to the constructor separator django.contrib.postgres.aggregates.StringAgg aggregation function, and to bypass the escape inject malicious SQL statements.

Detailed graphics Django installation on Ubuntu 18.04 LTS

Affected versions

  • Django master branch
  • Django 3.0
  • Django 2.2
  • Django 1.11

solution

Django officially released a new version of the original fix the above vulnerabilities. Affected users will be updated to the master branch Django and 3.0,2.2 and 1.11 version branch as soon as possible

If pip installed Django, you can be operated using the following command:

 

 

 

Guess you like

Origin www.linuxidc.com/Linux/2020-02/162302.htm
Recommended
Rushing to the GitHub hot list——How can open source programming languages and frameworks be so cute?
Beijing Humanoid Robot Innovation Center launches Tiangong, the world's first full-size humanoid robot with purely electric drive for anthropomorphic running
Ranking
8个无需编写代码即可使用 Python 内置库的方法
Java collections interview knowledge Lite
Machine learning algorithms foundation - Introduction a (watermelon materials for the book)
(Easy) Ransom Note - LeetCode
[Five days] Qt from entry to actual combat: the second day
Remember once extremely pit father can not download Maven Jar package of issues: IDEA question
The minimum cost Shortest
OSPF study map (the most complete version)
Network Takeaways
GnuPG
Daily
More
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)
2024-04-22(5)
2024-04-21(0)
2024-04-20(6)
2024-04-19(5)
2024-04-18(0)

Code World

© 2018 codetd.com