VYPR
Critical severityNVD Advisory· Published Jul 4, 2022· Updated Feb 13, 2025

CVE-2022-34265

CVE-2022-34265

Description

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
DjangoPyPI
>= 3.2a1, < 3.2.143.2.14
DjangoPyPI
>= 4.0a1, < 4.0.64.0.6

Affected products

57

Patches

Vulnerability mechanics

References

20

News mentions

0

No linked articles in our index yet.