Release Date: | 2024-08-06 |
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
See more information about CVE-2024-42005 from the MITRE CVE dictionary and NIST NVD.
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
Base Score: | 7.3 | CVSS Vector: | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Attack Vector: | Network | Attack Complexity: | Low |
Privileges Required: | None | User Interaction: | None |
Scope: | Unchanged | Confidentiality Impact: | Low |
Integrity Impact: | Low | Availability Impact: | Low |
Platform | Errata | Release Date |
Oracle Linux version 8 (ansible-collection-ansible-posix) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (ansible-collection-community-crypto) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (ansible-collection-community-postgresql) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (ansible-collection-mdellweg-filters) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (ansible-collection-pulp-pulp_installer) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (ansible-role-postgresql) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (dumb-init) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (ol-automation-manager) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (ol-private-automation-hub) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (opentelemetry-instrumentation-django) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (opentelemetry_api) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (opentelemetry_distro) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (opentelemetry_exporter_otlp) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (opentelemetry_exporter_otlp_proto_common) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (opentelemetry_exporter_otlp_proto_grpc) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (opentelemetry_exporter_otlp_proto_http) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (opentelemetry_instrumentation) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (opentelemetry_instrumentation_wsgi) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (opentelemetry_proto) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (opentelemetry_sdk) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (opentelemetry_semantic_conventions) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (opentelemetry_util_http) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (pulpcore-selinux) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-aiodns) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-aiofiles) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-aiohttp) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-aiosignal) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-ansible-builder) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-ansible-compat) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-ansible-core) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-ansible-lint) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-asgiref) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-async-lru) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-async-timeout) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-asyncio-throttle) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-attrs) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-awscrt) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-backoff) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-bindep) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-bleach) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-bleach-allowlist) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-boto3) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-botocore) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-bracex) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-brotli) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-build) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-certifi) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-cffi) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-charset-normalizer) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-click) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-colorama) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-dateutil) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-defusedxml) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-deprecated) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-diff-match-patch) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-distro) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-django) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-django-auth-ldap) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-django-filter) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-django-ipware) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-django-lifecycle) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-django-picklefield) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-django-prometheus) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-django_guid) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-django_import_export) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-djangorestframework) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-djangorestframework-queryfields) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-drf-access-policy) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-drf-nested-routers) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-drf-spectacular) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-dynaconf) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-et-xmlfile) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-filelock) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-flake8) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-frozenlist) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-future) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-galaxy-importer) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-galaxy-ng) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-gitdb) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-gitpython) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-gnupg) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-googleapis-common-protos) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-grpcio) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-gunicorn) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-idna) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-importlib-metadata) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-inflection) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-insights-analytics-collector) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-jinja2) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-jmespath) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-jsonschema) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-ldap) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-markdown) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-markdown-it-py) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-markuppy) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-markupsafe) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-marshmallow) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-mccabe) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-mdurl) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-multidict) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-mypy_extensions) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-naya) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-oauthlib) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-odfpy) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-openpyxl) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-packaging) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-parsley) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pathspec) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pbr) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pillow) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pip-tools) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pipdeptree) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-platformdirs) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-prometheus-client) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-protobuf) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-psycopg) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pulp-ansible) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pulp-container) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pulp-glue) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pulpcore) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pyasn1) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pyasn1_modules) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pycares) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pycodestyle) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pycparser) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pycryptodomex) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pyflakes) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pygments) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pygtrie) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pyjwkest) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pyjwt) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pyparsing) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pyproject_hooks) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pyrsistent) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-python3-openid) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pytz) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-pyyaml) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-redis) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-requests) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-requests-oauthlib) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-requirements-parser) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-resolvelib) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-rich) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-ruamel.yaml) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-ruamel.yaml.clib) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-s3transfer) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-semantic-version) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-setproctitle) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-setuptools_scm) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-six) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-smmap) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-social-auth-app-django) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-social-auth-core) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-sqlparse) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-subprocess-tee) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-tablib) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-tomli) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-types-cryptography) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-types-setuptools) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-typing-extensions) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-uritemplate) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-url-normalize) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-urllib3) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-uuid6) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-wcmatch) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-webencodings) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-websockets) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-whitenoise) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-wrapt) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-xlrd) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-xlwt) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-yamllint) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-yarl) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python-zipp) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python3.11-black) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (python3.11-cryptography) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (receptor) | ELSA-2024-12803 | 2024-10-31 |
Oracle Linux version 8 (supervisor) | ELSA-2024-12803 | 2024-10-31 |
This page is generated automatically and has not been checked for errors or omissions.