๐Ÿ” CVE Alert

CVE-2024-53908

CRITICAL 9.8
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)

Vendor n/a
Product n/a
Published Dec 6, 2024
Last Updated Dec 6, 2024
Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new critical vulnerabilities affecting n/a n/a are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

n/a / n/a
n/a

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
docs.djangoproject.com: https://docs.djangoproject.com/en/dev/releases/security/ groups.google.com: https://groups.google.com/g/django-announce openwall.com: https://www.openwall.com/lists/oss-security/2024/12/04/3