CVE-2022-28346 vulnerability in Canonical and Other Products
Published on April 12, 2022

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2022-28346

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-28346 are published in these products:

Canonical Ubuntu Linux

Django Project Django

Debian Linux

Exploit Probability

EPSS

1.97%

Percentile

83.34%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2022-28346 vulnerability in Canonical and Other ProductsPublished on April 12, 2022

Products Associated with CVE-2022-28346

Exploit Probability

CVE-2022-28346 vulnerability in Canonical and Other Products
Published on April 12, 2022