REDHAT-BUG-2436338
An issue was discovered in Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on ``RasterField`` (only implemented on PostGIS) allow remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Tarek Nakkouch for reporting this issue.
Frequently Asked Questions
What is the severity of REDHAT-BUG-2436338?
REDHAT-BUG-2436338 is considered a critical vulnerability due to the potential for remote SQL injection.
How do I fix REDHAT-BUG-2436338?
To fix REDHAT-BUG-2436338, upgrade Django to version 6.0.2 or later, 5.2.11 or later, or 4.2.28 or later.
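Two defender-side checks that follow from the advisory text, written here as an added example (not code from the advisory, from Red Hat, or from Django itself): a version triage that maps an installed Django version onto the affected and fixed ranges the advisory lists, and a validator that rejects anything but a plain non-negative integer before an untrusted band index value is handed to a raster lookup. How the index is passed into the ORM query, and the band numbering convention the lookup expects, are left to the caller and are not modelled; the version ranges are taken from the advisory, and series it does not list are reported as such rather than guessed.

```python
"""Defensive helpers for the Django RasterField band-index SQL injection (REDHAT-BUG-2436338).

Added example, not code from the advisory or from Django. It provides:
  1. django_status(): classify an installed Django version against the advisory's
     ranges (6.0 < 6.0.2, 5.2 < 5.2.11, 4.2 < 4.2.28 are affected).
  2. safe_band_index(): accept only a non-negative integer (or a string of ASCII
     digits) as a band index, so untrusted input such as "1; DROP TABLE x" is
     rejected before it can reach a raster lookup.
"""
import re

# (series -> first fixed patch release), taken from the advisory text.
FIXED_RELEASES = {
    (6, 0): (6, 0, 2),
    (5, 2): (5, 2, 11),
    (4, 2): (4, 2, 28),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")
_DIGITS_RE = re.compile(r"[0-9]+")  # ASCII digits only; str.isdigit() is too permissive


def parse_version(version):
    """Turn 'X.Y' or 'X.Y.Z' (a trailing suffix such as 'a1' is ignored) into a 3-tuple."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Django version string: {version!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def django_status(version):
    """Return 'affected', 'fixed', or 'not listed' for the given Django version.

    'not listed' covers series the advisory does not name (for example 5.0.x,
    4.1.x and 3.2.x, which it says were not evaluated and may also be affected).
    """
    parsed = parse_version(version)
    series = parsed[:2]
    fixed = FIXED_RELEASES.get(series)
    if fixed is None:
        return "not listed"
    return "affected" if parsed < fixed else "fixed"


def safe_band_index(value):
    """Coerce an untrusted band index to int, raising ValueError for anything else.

    Accepts an int (but not bool, which is an int subclass) or a string made only
    of ASCII digits. Negative values are rejected; the upper bound depends on the
    raster and is left to the caller.
    """
    if isinstance(value, bool):
        raise ValueError("booleans are not band indices")
    if isinstance(value, int):
        idx = value
    elif isinstance(value, str) and _DIGITS_RE.fullmatch(value.strip()):
        idx = int(value.strip())
    else:
        raise ValueError(f"band index must be a non-negative integer, got {value!r}")
    if idx < 0:
        raise ValueError(f"band index must not be negative, got {idx}")
    return idx


if __name__ == "__main__":
    # Constructed sample inputs: a mix of versions and candidate band indices.
    for v in ("5.2.10", "5.2.11", "6.0", "4.2.28", "3.2.25"):
        print(f"Django {v}: {django_status(v)}")
    for candidate in (0, "3", "1; DROP TABLE x", -1, True):
        try:
            print(f"{candidate!r} -> band {safe_band_index(candidate)}")
        except ValueError as exc:
            print(f"{candidate!r} rejected: {exc}")
```

The upgrade is the fix; the validator only narrows what can reach the lookup from request data in the meantime and is no substitute for moving to 6.0.2, 5.2.11 or 4.2.28.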
What versions are affected by REDHAT-BUG-2436338?
REDHAT-BUG-2436338 affects Django versions before 6.0.2, 5.2.11, and 4.2.28.
What type of vulnerability is REDHAT-BUG-2436338?
REDHAT-BUG-2436338 is classified as a remote SQL injection vulnerability.
Can I still use unsupported Django versions with REDHAT-BUG-2436338?
Running an unsupported Django version in the context of REDHAT-BUG-2436338 is strongly discouraged: those series were not evaluated for this issue and may also be affected.