{"id":"BIT-django-2020-7471","details":"Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.","aliases":["CVE-2020-7471","GHSA-hmr4-m2h5-33qx","PYSEC-2020-35"],"modified":"2025-04-03T14:40:37.652Z","published":"2024-03-06T10:55:54.362Z","database_specific":{"severity":"Critical","cpes":["cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"]},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2020/02/03/1"},{"type":"WEB","url":"https://docs.djangoproject.com/en/3.0/releases/security/"},{"type":"WEB","url":"https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136"},{"type":"WEB","url":"https://groups.google.com/forum/#%21topic/django-announce/X45S86X5bZI"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/"},{"type":"WEB","url":"https://seclists.org/bugtraq/2020/Feb/30"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202004-17"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20200221-0006/"},{"type":"WEB","url":"https://usn.ubuntu.com/4264-1/"},{"type":"WEB","url":"https://www.debian.org/security/2020/dsa-4629"},{"type":"WEB","url":"https://www.djangoproject.com/weblog/2020/feb/03/security-releases/"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2020/02/03/1"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7471"}],"affected":[{"package":{"name":"django","ecosystem":"Bitnami","purl":"pkg:bitnami/django"},"ranges":[{"type":"SEMVER","events":[{"introduced":"1.11.0"},{"fixed":"1.11.28"},{"introduced":"2.2.0"},{"fixed":"2.2.10"},{"introduced":"3.0.0"},{"fixed":"3.0.3"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/django/BIT-django-2020-7471.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}],"schema_version":"1.7.3"}