Vulnerabilities

CVE-2025-57833

by Fred · 03/09/2025

An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().

More information : https://docs.djangoproject.com/en/dev/releases/security/

Similar

Tags: Cybersecurity Alert