
Updated Django releases fix SQL Injection vulnerability

Published on July 06, 2022

The potential SQL Injection vulnerability has been tracked as CVE-2022-34265, and exists in Django’s main branch, versions 4.1 (currently in beta), 4.0, and 3.2. The vulnerability has been squashed in today’s patches and releases.

Django, a Model-Template-View framework, is used by thousands of websites in the U.S. alone, including some popular brands. Django instances must be upgraded or patched to avoid being affected by bugs like this one.

A high-severity SQL injection vulnerability has been addressed in Django 4.0.6 and Django 3.2.14, and the Django team urges developers to update or patch their Django instances as soon as possible.

Through arguments passed to Trunc(kind) and Extract(lookup_name), the vulnerability could allow threat actors to attack Django web applications.

An advisory warns that untrusted data used for kind/lookup_name values could be injected via the Trunc() and Extract() database functions.

Lookup names and kind choices that are constrained to a known safe list are not affected.

Essentially, your application isn’t vulnerable if it sanitizes or escapes the arguments before passing them to Trunc and Extract.
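
The "known safe list" approach described above can be implemented as an exact-match allowlist applied before a request value ever reaches Trunc() or Extract(). The following is an added example, not code from the Django project or the advisory; the allowlist contents, the function names and the Order model in the closing comment are assumptions made for illustration.

```python
# Added example: allowlist checks for request-supplied Trunc/Extract arguments.
# The allowlists are this example's choice (an assumption); trim them to the
# date parts your own views actually need.
TRUNC_KINDS = frozenset(
    {"year", "quarter", "month", "week", "day", "hour", "minute", "second"}
)
EXTRACT_LOOKUPS = frozenset(
    {"year", "quarter", "month", "week", "week_day", "day", "hour", "minute", "second"}
)


class UnsafeDatePart(ValueError):
    """Raised when a request-supplied date part is not on the allowlist."""


def _checked(value, allowed, what):
    # Exact membership test on a str. No stripping, lowercasing or "cleaning":
    # anything that is not already a known-good literal is rejected outright.
    # The isinstance check runs first so lists/None never reach the set lookup.
    if not isinstance(value, str) or value not in allowed:
        raise UnsafeDatePart(f"{what} {value!r} is not allowed")
    return value


def checked_trunc_kind(value):
    return _checked(value, TRUNC_KINDS, "Trunc kind")


def checked_extract_lookup(value):
    return _checked(value, EXTRACT_LOOKUPS, "Extract lookup_name")


def classify(samples, checker):
    """Return {repr(sample): 'accepted' | 'rejected'} for constructed inputs."""
    out = {}
    for sample in samples:
        try:
            checker(sample)
            out[repr(sample)] = "accepted"
        except UnsafeDatePart:
            out[repr(sample)] = "rejected"
    return out


# In a view (hypothetical model Order with a DateTimeField "created"):
#   kind = checked_trunc_kind(request.GET.get("kind", "month"))
#   Order.objects.annotate(bucket=Trunc("created", kind)).values("bucket")
if __name__ == "__main__":
    constructed = ["month", "Month", "year' --", None, ["year"]]
    print(classify(constructed, checked_trunc_kind))
```

Keep the check in place after upgrading to a fixed release: it turns malformed input into a clean validation error instead of a database error.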

Takuto Yoshikai, a researcher at Aeye Security Lab, was credited with responsibly reporting the vulnerability.
