
CVE-2022-34265: High Severity Vulnerability in the Django Project

CVE-2022-34265 is a new high severity vulnerability in the Django project, an open-source Python-based web framework. The vulnerability was reported by Takuto Yoshikai from Aeye Security Lab.

CVE-2022-34265: Short Technical Overview

The vulnerability is fixed in Django 4.0.6 and Django 3.2.14. Django users should update to the latest releases as soon as possible.

The vulnerability has been described as a potential SQL injection that could be triggered through the kind argument of Trunc() and the lookup_name argument of Extract().

“Trunc() and Extract() database functions were subject to SQL injection if untrusted data was used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected,” the official advisory noted.
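The advisory's mitigation is to constrain the kind/lookup_name value to a known safe list before it reaches the database function. The following is an added example of that allowlist check, not code from the Django project or from the advisory: the sets hold the lookup names and kinds that Django's documentation lists for Extract() and Trunc(), the query-parameter names and the model field name are assumptions, and Django itself is imported only inside the function that builds the expression so the validators run without it.

```python
"""Allowlist validation for Extract()/Trunc() arguments (added example)."""
from typing import Mapping

# Lookup names documented for django.db.models.functions.Extract().
EXTRACT_LOOKUP_NAMES = frozenset({
    "year", "iso_year", "quarter", "month", "week", "week_day",
    "iso_week_day", "day", "hour", "minute", "second",
})

# Kinds documented for django.db.models.functions.Trunc().
TRUNC_KINDS = frozenset({
    "year", "quarter", "month", "week", "day", "date", "time",
    "hour", "minute", "second",
})


class InvalidDateArgument(ValueError):
    """Raised when a user-supplied value is not on the allowlist."""


def validate_lookup_name(value: object) -> str:
    """Return value unchanged only if it is a documented Extract() lookup name."""
    # Exact, case-sensitive membership: no normalisation, no pass-through.
    if not isinstance(value, str) or value not in EXTRACT_LOOKUP_NAMES:
        raise InvalidDateArgument(f"unsupported lookup_name: {value!r}")
    return value


def validate_trunc_kind(value: object) -> str:
    """Return value unchanged only if it is a documented Trunc() kind."""
    if not isinstance(value, str) or value not in TRUNC_KINDS:
        raise InvalidDateArgument(f"unsupported kind: {value!r}")
    return value


def choose_trunc_kind(params: Mapping[str, str],
                      key: str = "group_by", default: str = "day") -> str:
    """Pick the Trunc() kind from query parameters (assumed key 'group_by').

    params stands in for request.GET. A missing key yields the default;
    anything not on the allowlist is rejected instead of being handed to
    the database function, which is the unsafe pattern the advisory
    describes (Trunc(field, request.GET["group_by"]) with no check).
    """
    return validate_trunc_kind(params.get(key, default))


def truncated_annotation(field: str, params: Mapping[str, str]):
    """Build Trunc(field, kind) with a validated kind.

    Django is imported lazily so the validators above need no Django
    install; 'field' is a hypothetical model field name chosen by the caller.
    """
    from django.db.models.functions import Trunc  # requires Django
    return Trunc(field, choose_trunc_kind(params))


if __name__ == "__main__":
    # Constructed inputs: one on the allowlist, one that must be rejected.
    print(choose_trunc_kind({"group_by": "month"}))
    try:
        choose_trunc_kind({"group_by": "not-a-kind"})
    except InvalidDateArgument as exc:
        print("rejected:", exc)
```

The check is deliberately an exact-match allowlist rather than a blocklist or a sanitiser: the only strings that can ever reach Trunc() or Extract() are the ones the framework documents, so the patch level of Django no longer decides whether request input can influence the generated SQL.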

The security release mitigates the vulnerability, but the Django project says it has identified improvements to the Database API methods related to date extract and truncate that would be beneficial to add to Django 4.1 before its final release.

This change will affect third party database backends running Django 4.1 release candidate 1 or newer until they are able to adapt to the API changes.

Milena Dimitrova


1 Comment
  1. His friend

    The kanji of Yoshikai-san’s family name is 吉開, not 吉海. Please fix it for him.

