Django Product Security Update Advisory (CVE-2024-42005)

Aug 13 2024

Overview

Django has released an update to address a vulnerability in their products. Users of affected versions are advised to update to the latest version.

Affected Products

CVE-2024-42005

Django versions: 4.2 (inclusive) ~ 4.2.15 (excluded)
Django versions: 5.0 (inclusive) ~ 5.0.8 (excluded)

Resolved Vulnerabilities

QuerySet.values() and values_list() methods in models with JSONFields are affected by SQL injection in column aliases via JSON object keys created from passed *arg (CVE-2024-42005)

Vulnerability Patches

The following Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-42005

Django version: 4.2.15
Django version: 5.0.8

Referenced Sites

[1] CVE-2024-42005 Detail

https://nvd.nist.gov/vuln/detail/cve-2024-42005

[2] Archive of security issues

https://docs.djangoproject.com/en/dev/releases/security/

Django Product Security Update Advisory (CVE-2024-42005)

MongoDB Family Security Update Advisory (CVE-2024-7553)

ManageEngine (ADAudit Plus, ADAudit Plus, and others) Family August 2024 Security Update Advisory

Tags:

MongoDB Family Security Update Advisory (CVE-2024-7553)

ManageEngine (ADAudit Plus, ADAudit Plus, and others) Family August 2024 Security Update Advisory