CVE-2019-14234
Django: SQL injection possibility in key and index lookups for JSONField/HStoreField
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.
Se detectó un problema en Django versiones 1.11.x anteriores a 1.11.23, versiones 2.1.x anteriores a 2.1.11 y versiones 2.2.x anteriores a 2.2.4. Debido a un error en la transformación de clave superficial, las búsquedas de clave e índice para django.contrib.postgres.fields.JSONField, y las búsquedas de clave para django.contrib.postgres.fields.HStoreField, estaban sujetas a una inyección SQL. Esto podría, por ejemplo, ser explotado mediante el uso de un "OR 1 = 1" diseñado en una clave o nombre de índice para devolver todos los registros, utilizando un diccionario cuidadosamente diseñado, con expansión de diccionario, como los **kwargs pasados a la función QuerySet.filter().
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-07-22 CVE Reserved
- 2019-08-01 CVE Published
- 2023-09-15 First Exploit
- 2024-08-02 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs | X_refsource_misc | |
| https://seclists.org/bugtraq/2019/Aug/15 | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20190828-0002 | X_refsource_confirm |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/malvika-thakur/CVE-2019-14234 | 2023-09-15 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Djangoproject Search vendor "Djangoproject" | Django Search vendor "Djangoproject" for product "Django" | >= 1.11 < 1.11.23 Search vendor "Djangoproject" for product "Django" and version " >= 1.11 < 1.11.23" | - |
Affected
| ||||||
| Djangoproject Search vendor "Djangoproject" | Django Search vendor "Djangoproject" for product "Django" | >= 2.1 < 2.1.11 Search vendor "Djangoproject" for product "Django" and version " >= 2.1 < 2.1.11" | - |
Affected
| ||||||
| Djangoproject Search vendor "Djangoproject" | Django Search vendor "Djangoproject" for product "Django" | >= 2.2 < 2.2.4 Search vendor "Djangoproject" for product "Django" and version " >= 2.2 < 2.2.4" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||