CVE-2020-7471

{"id": "CVE-2020-7471", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-02-03T12:15:26.993", "references": [{"url": "http://www.openwall.com/lists/oss-security/2020/02/03/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://docs.djangoproject.com/en/3.0/releases/security/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://groups.google.com/forum/#%21topic/django-announce/X45S86X5bZI", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/", "source": "cve@mitre.org"}, {"url": "https://seclists.org/bugtraq/2020/Feb/30", "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/202004-17", "source": "cve@mitre.org"}, {"url": "https://security.netapp.com/advisory/ntap-20200221-0006/", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/4264-1/", "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2020/dsa-4629", "source": "cve@mitre.org"}, {"url": "https://www.djangoproject.com/weblog/2020/feb/03/security-releases/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.openwall.com/lists/oss-security/2020/02/03/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL."}, {"lang": "es", "value": "Django versiones 1.11 anteriores a 1.11.28, versiones 2.2 anteriores a 2.2.10 y versiones 3.0 anteriores a 3.0.3, permite una Inyecci\u00f3n SQL si se usan datos no confiables como un delimitador de StringAgg (por ejemplo, en aplicaciones Django que ofrecen descargas de datos como una serie de filas con un delimitador de columna especificado por el usuario). Al pasar un delimitador apropiadamente dise\u00f1ado a una instancia contrib.postgres.aggregates.StringAgg, fue posible romper el escape e inyectar SQL malicioso."}], "lastModified": "2023-11-07T03:26:06.483", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00FE8079-CAF7-494D-BC2A-0B964A883EA6", "versionEndExcluding": "1.11.28", "versionStartIncluding": "1.11"}, {"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4771CEA7-2ECE-4620-98E0-D5F1AA91889C", "versionEndExcluding": "2.2.10", "versionStartIncluding": "2.2"}, {"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC272D38-BBBC-4440-A120-C2D60CC42A12", "versionEndExcluding": "3.0.3", "versionStartIncluding": "3.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}