{
  "threat_severity" : "Important",
  "public_date" : "2022-04-11T08:00:00Z",
  "bugzilla" : {
    "description" : "Django: SQL injection in QuerySet.annotate(), aggregate() and extra()",
    "id" : "2072447",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2072447"
  },
  "cvss3" : {
    "cvss3_base_score" : "9.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-89",
  "details" : [ "An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.", "A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely." ],
  "statement" : "Red Hat OpenStack does ship the affected version of Django; however, the vulnerability is not exposed in the product because it does not make use of the vulnerable code. We may update Django in a future release of OpenStack.",
  "affected_release" : [ {
    "product_name" : "Red Hat Ansible Automation Platform 2.1 for RHEL 8",
    "release_date" : "2022-07-25T00:00:00Z",
    "advisory" : "RHSA-2022:5702",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.1::el8",
    "package" : "automation-controller-0:4.1.2-2.el8ap"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2.1 for RHEL 8",
    "release_date" : "2022-07-25T00:00:00Z",
    "advisory" : "RHSA-2022:5702",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.1::el8",
    "package" : "python-django-0:3.2.13-1.el8pc"
  }, {
    "product_name" : "Red Hat Automation Hub 4.2 for RHEL 7",
    "release_date" : "2022-07-25T00:00:00Z",
    "advisory" : "RHSA-2022:5703",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:4.2::el7",
    "package" : "python3-django-0:2.2.28-1.el7pc"
  }, {
    "product_name" : "Red Hat Automation Hub 4.2 for RHEL 8",
    "release_date" : "2022-07-25T00:00:00Z",
    "advisory" : "RHSA-2022:5703",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:4.2::el8",
    "package" : "python3-django-0:2.2.28-1.el8pc"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16.1",
    "release_date" : "2022-12-07T00:00:00Z",
    "advisory" : "RHSA-2022:8872",
    "cpe" : "cpe:/a:redhat:openstack:16.1::el8",
    "package" : "python-django20-0:2.0.13-18.el8ost",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16.2",
    "release_date" : "2022-06-22T00:00:00Z",
    "advisory" : "RHSA-2022:5115",
    "cpe" : "cpe:/a:redhat:openstack:16.2::el8",
    "package" : "python-django20-0:2.0.13-17.el8ost",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Satellite 6.11 for RHEL 8",
    "release_date" : "2022-07-05T00:00:00Z",
    "advisory" : "RHSA-2022:5498",
    "cpe" : "cpe:/a:redhat:satellite:6.11::el8",
    "package" : "python-django-0:3.2.13-1.el8pc",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Satellite 6.11 for RHEL 8",
    "release_date" : "2022-07-05T00:00:00Z",
    "advisory" : "RHSA-2022:5498",
    "cpe" : "cpe:/a:redhat:satellite_capsule:6.11::el8",
    "package" : "python-django-0:3.2.13-1.el8pc",
    "impact" : "moderate"
  }, {
    "product_name" : "RHUI 4 for RHEL 8",
    "release_date" : "2022-07-19T00:00:00Z",
    "advisory" : "RHSA-2022:5602",
    "cpe" : "cpe:/a:redhat:rhui:4::el8",
    "package" : "python-django-0:3.2.13-2.el8ui"
  }, {
    "product_name" : "RHUI 4 for RHEL 8",
    "release_date" : "2022-07-19T00:00:00Z",
    "advisory" : "RHSA-2022:5602",
    "cpe" : "cpe:/a:redhat:rhui:4::el8",
    "package" : "python-pulpcore-0:3.17.6-3.el8ui"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Ceph Storage 3",
    "fix_state" : "Will not fix",
    "package_name" : "graphite-web",
    "cpe" : "cpe:/a:redhat:ceph_storage:3"
  }, {
    "product_name" : "Red Hat Discovery 1",
    "fix_state" : "Affected",
    "package_name" : "discovery-server-container",
    "cpe" : "cpe:/a:redhat:discovery:1"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Affected",
    "package_name" : "python-django",
    "cpe" : "cpe:/a:redhat:openstack:13",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Satellite 6",
    "fix_state" : "Affected",
    "package_name" : "python3-django",
    "cpe" : "cpe:/a:redhat:satellite:6",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Storage 3",
    "fix_state" : "Will not fix",
    "package_name" : "graphite-web",
    "cpe" : "cpe:/a:redhat:storage:3"
  }, {
    "product_name" : "Red Hat Update Infrastructure 4 for Cloud Providers",
    "fix_state" : "Affected",
    "package_name" : "python-django-guardian",
    "cpe" : "cpe:/a:redhat:rhui:4::el8"
  }, {
    "product_name" : "Red Hat Update Infrastructure 4 for Cloud Providers",
    "fix_state" : "Affected",
    "package_name" : "python-drf-nested-routers",
    "cpe" : "cpe:/a:redhat:rhui:4::el8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-28346\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-28346\nhttps://www.djangoproject.com/weblog/2022/apr/11/security-releases/" ],
  "name" : "CVE-2022-28346",
  "csaw" : false
}