SQL Injection in Django · CVE-2022-28346 · GitHub Advisory Database

4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary …

Related:

  • No Related Posts

Leave a Reply