ArchLinux: 202003-2 Level: PHP-Laravel XSS Vulnerability
Feb 06, 2020
•
LinuxSecurity Advisories
1 min read
Topics Covered
The package python-django before version 3.0.3-1 is vulnerable to sql injection.
Arch Linux Security Advisory ASA-202002-1 ======================================== Severity: Medium Date : 2020-02-03 CVE-ID : CVE-2020-7471 Package : python-django Type : sql injection Remote : Yes Link : https://security.archlinux.org/AVG-1091 Summary ====== The package python-django before version 3.0.3-1 is vulnerable to sql injection. Resolution ========= Upgrade to 3.0.3-1. # pacman -Syu "python-django>=3.0.3-1" The problem has been fixed upstream in version 3.0.3. Workaround ========= None. Description ========== django.contrib.postgres.aggregates.StringAgg aggregation function was subject to SQL injection, using a suitably crafted delimiter. Impact ===== A remote attacker is able to perform a SQL injection using a specially crafted request. References ========= https://www.djangoproject.com/weblog/2020/feb/03/security-releases/ https://security.archlinux.org/CVE-2020-7471
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!