CVE-2019-14234

CRITICAL LAB

Django <1.11.23,2.1.11,2.2.4 - SQL Injection

Description

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.
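An application-side guard for the pattern the description names, untrusted dictionary keys expanded into QuerySet.filter(), as an added example that is not from the advisory or the Django project. It assumes legitimate JSON keys and indexes in the application are alphanumeric; `safe_filter_kwargs`, `UnsafeLookup` and the field name `data` are hypothetical. It complements upgrading to a fixed release and does not replace it.

```python
import re

# Assumption: every legitimate path segment (JSON key, index or lookup
# suffix) consists only of letters, digits and single underscores.
_SEGMENT = re.compile(r"[A-Za-z0-9_]+")


class UnsafeLookup(ValueError):
    """Raised when a lookup key must not reach QuerySet.filter()."""


def safe_filter_kwargs(untrusted, allowed_fields):
    """Validate lookup keys before they are expanded with ** into filter().

    untrusted      -- dict built from request data (keys are attacker-controlled)
    allowed_fields -- set of model field names the endpoint may filter on
    """
    cleaned = {}
    for key, value in untrusted.items():
        if not isinstance(key, str):
            raise UnsafeLookup(f"non-string lookup key: {key!r}")
        # Django separates the field from key/index transforms with "__".
        field, *path = key.split("__")
        if field not in allowed_fields:
            raise UnsafeLookup(f"field not allowed: {field!r}")
        for segment in path:
            # Rejects spaces, quotes, operators and empty segments, which
            # is where a crafted key or index name would carry SQL.
            if not _SEGMENT.fullmatch(segment):
                raise UnsafeLookup(f"bad key/index segment: {segment!r}")
        cleaned[key] = value
    return cleaned


def is_rejected(untrusted, allowed_fields):
    """Convenience wrapper: True when the dict would be refused."""
    try:
        safe_filter_kwargs(untrusted, allowed_fields)
    except UnsafeLookup:
        return True
    return False


if __name__ == "__main__":
    allowed = {"data"}  # hypothetical JSONField on the queried model
    # Constructed inputs: one ordinary key lookup, one crafted key name.
    print(safe_filter_kwargs({"data__owner": "alice"}, allowed))
    print(is_rejected({"data__owner OR 1=1": "x"}, allowed))
```

In a view, the validated dictionary is what gets passed on, for example `Model.objects.filter(**safe_filter_kwargs(params, {"data"}))`, where `Model` and `params` are placeholders.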

Exploits (1)

nomisec WORKING POC 2 stars
by malvika-thakur · poc
https://github.com/malvika-thakur/CVE-2019-14234

Scores

CVSS v3 9.8
EPSS 0.1911
EPSS Percentile 95.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Lab Environment

COMMUNITY
Community Lab
docker pull vulhub/django:2.2.3

Details

CWE
CWE-89
Status published
Products (5)
debian/debian_linux 9.0
debian/debian_linux 10.0
djangoproject/django 1.11 - 1.11.23
fedoraproject/fedora 30
pypi/Django 1.11a1 - 1.11.23
Published Aug 09, 2019
Tracked Since Feb 18, 2026