CVE-2022-34265 is a vulnerability in Django Project Django
Published on July 4, 2022

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2022-34265

Want to know whenever a new CVE is published for Django Project Django? stack.watch will email you.

Django Project Django

Exploit Probability

EPSS

92.83%

Percentile

99.76%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2022-34265 is a vulnerability in Django Project DjangoPublished on July 4, 2022

Products Associated with CVE-2022-34265

Exploit Probability

CVE-2022-34265 is a vulnerability in Django Project Django
Published on July 4, 2022