Django SQL Injection (CVE-2020-7471) Threat Alert

February 28, 2020

Vulnerability Description

On February 3, the Django Software Foundation (DSF) released a security bulletin announcing the fix for a SQL injection vulnerability (CVE-2020-7471) that is exploited via a StringAgg delimiter. An attacker could break escaping and inject malicious SQL statements by passing a crafted delimiter to the aggregation function contrib.postgres.aggregates.StringAgg.

