VYPR
High severityNVD Advisory· Published Mar 5, 2020· Updated Aug 4, 2024

CVE-2020-9402

CVE-2020-9402

Description

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
DjangoPyPI
>= 1.11, < 1.11.291.11.29
DjangoPyPI
>= 2.2, < 2.2.112.2.11
DjangoPyPI
>= 3.0, < 3.0.43.0.4

Affected products

240

Patches

Vulnerability mechanics

References

24

News mentions

0

No linked articles in our index yet.