Vulnerability	Vulnerable Version
C SQL Injection Affected versions of this package are vulnerable to SQL Injection via the `django.db.models.fields.json.HasKey` lookup on Oracle, if untrusted data is used as a `lhs` value. An attacker can manipulate SQL queries and access or alter database information. Note: Applications that use the `jsonfield.has_key` lookup through the `__` syntax are unaffected. How to fix SQL Injection? Upgrade `django` to version 4.2.17, 5.0.10, 5.1.4 or higher.	[,4.2.17)[5.0,5.0.10)[5.1a1,5.1.4)
H Command Injection Affected versions of this package are vulnerable to Command Injection via certain inputs containing large sequences of nested incomplete HTML entities submitted to the `strip_tags` function and `striptags` template filter. An attacker can cause the application to consume excessive resources. How to fix Command Injection? Upgrade `django` to version 4.2.17, 5.0.10, 5.1.4 or higher.	[,4.2.17)[5.0,5.0.10)[5.1a1,5.1.4)

SQL Injection

Affected versions of this package are vulnerable to SQL Injection via the django.db.models.fields.json.HasKey lookup on Oracle, if untrusted data is used as a lhs value. An attacker can manipulate SQL queries and access or alter database information.

Note: Applications that use the jsonfield.has_key lookup through the __ syntax are unaffected.

How to fix SQL Injection?

Upgrade django to version 4.2.17, 5.0.10, 5.1.4 or higher.

[,4.2.17)[5.0,5.0.10)[5.1a1,5.1.4)

Command Injection

Affected versions of this package are vulnerable to Command Injection via certain inputs containing large sequences of nested incomplete HTML entities submitted to the strip_tags function and striptags template filter. An attacker can cause the application to consume excessive resources.

How to fix Command Injection?

Upgrade django to version 4.2.17, 5.0.10, 5.1.4 or higher.

[,4.2.17)[5.0,5.0.10)[5.1a1,5.1.4)

Go back to all versions of this package