{
  "threat_severity" : "Important",
  "public_date" : "2022-04-11T08:00:00Z",
  "bugzilla" : {
    "description" : "Django: SQL injection via QuerySet.explain(options) on PostgreSQL",
    "id" : "2072459",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2072459"
  },
  "cvss3" : {
    "cvss3_base_score" : "9.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-89",
  "details" : [ "A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.", "A flaw was found in the Django package, leading to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely." ],
  "statement" : "Red Hat OpenStack does ship the affected version of Django. However, the product is not vulnerable since it does not implement the vulnerable method QuerySet.explain() introduced in Django 2.1.x onward.",
  "affected_release" : [ {
    "product_name" : "Red Hat Ansible Automation Platform 2.1 for RHEL 8",
    "release_date" : "2022-07-25T00:00:00Z",
    "advisory" : "RHSA-2022:5702",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.1::el8",
    "package" : "automation-controller-0:4.1.2-2.el8ap"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2.1 for RHEL 8",
    "release_date" : "2022-07-25T00:00:00Z",
    "advisory" : "RHSA-2022:5702",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.1::el8",
    "package" : "python-django-0:3.2.13-1.el8pc"
  }, {
    "product_name" : "Red Hat Automation Hub 4.2 for RHEL 7",
    "release_date" : "2022-07-25T00:00:00Z",
    "advisory" : "RHSA-2022:5703",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:4.2::el7",
    "package" : "python3-django-0:2.2.28-1.el7pc"
  }, {
    "product_name" : "Red Hat Automation Hub 4.2 for RHEL 8",
    "release_date" : "2022-07-25T00:00:00Z",
    "advisory" : "RHSA-2022:5703",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:4.2::el8",
    "package" : "python3-django-0:2.2.28-1.el8pc"
  }, {
    "product_name" : "Red Hat Satellite 6.11 for RHEL 8",
    "release_date" : "2022-07-05T00:00:00Z",
    "advisory" : "RHSA-2022:5498",
    "cpe" : "cpe:/a:redhat:satellite:6.11::el8",
    "package" : "python-django-0:3.2.13-1.el8pc"
  }, {
    "product_name" : "Red Hat Satellite 6.11 for RHEL 8",
    "release_date" : "2022-07-05T00:00:00Z",
    "advisory" : "RHSA-2022:5498",
    "cpe" : "cpe:/a:redhat:satellite_capsule:6.11::el8",
    "package" : "python-django-0:3.2.13-1.el8pc"
  }, {
    "product_name" : "RHUI 4 for RHEL 8",
    "release_date" : "2022-07-19T00:00:00Z",
    "advisory" : "RHSA-2022:5602",
    "cpe" : "cpe:/a:redhat:rhui:4::el8",
    "package" : "python-django-0:3.2.13-2.el8ui"
  }, {
    "product_name" : "RHUI 4 for RHEL 8",
    "release_date" : "2022-07-19T00:00:00Z",
    "advisory" : "RHSA-2022:5602",
    "cpe" : "cpe:/a:redhat:rhui:4::el8",
    "package" : "python-pulpcore-0:3.17.6-3.el8ui"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Ceph Storage 3",
    "fix_state" : "Will not fix",
    "package_name" : "graphite-web",
    "cpe" : "cpe:/a:redhat:ceph_storage:3"
  }, {
    "product_name" : "Red Hat Discovery 1",
    "fix_state" : "Affected",
    "package_name" : "discovery-server-container",
    "cpe" : "cpe:/a:redhat:discovery:1"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Affected",
    "package_name" : "python-django",
    "cpe" : "cpe:/a:redhat:openstack:13",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16.1",
    "fix_state" : "Affected",
    "package_name" : "python-django",
    "cpe" : "cpe:/a:redhat:openstack:16.1",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16.2",
    "fix_state" : "Affected",
    "package_name" : "python-django",
    "cpe" : "cpe:/a:redhat:openstack:16.2",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Satellite 6",
    "fix_state" : "Affected",
    "package_name" : "python3-django",
    "cpe" : "cpe:/a:redhat:satellite:6",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Storage 3",
    "fix_state" : "Will not fix",
    "package_name" : "graphite-web",
    "cpe" : "cpe:/a:redhat:storage:3"
  }, {
    "product_name" : "Red Hat Update Infrastructure 4 for Cloud Providers",
    "fix_state" : "Affected",
    "package_name" : "python-django-guardian",
    "cpe" : "cpe:/a:redhat:rhui:4::el8"
  }, {
    "product_name" : "Red Hat Update Infrastructure 4 for Cloud Providers",
    "fix_state" : "Affected",
    "package_name" : "python-drf-nested-routers",
    "cpe" : "cpe:/a:redhat:rhui:4::el8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-28347\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-28347\nhttps://www.djangoproject.com/weblog/2022/apr/11/security-releases/" ],
  "name" : "CVE-2022-28347",
  "csaw" : false
}