ALT-PU-2025-12106-1
Package python3-module-django updated to version 5.2.6-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Published: 2025-09-03
Modified: 2025-09-08
Modified: 2025-09-08
CVE-2025-57833
An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().
Severity: HIGH (7.1)
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
References: