Vulnerability Description On February 3, Django Software Foundation (DSF) released a security bulletin, announcing the fix of a SQL injection vulnerability (CVE-2020-7471) that is exploited via a StringAgg delimiter. An attacker could break escaping and inject malicious SQL statements by passing a crafted delimiter to the aggregation function contrib.postgres.aggregates.StringAgg. (more…)
