【官方悬赏】CVE-2020-7471(悬赏等级:高)

CVE 编号

CVE-2020-7471

危害级别

影响产品

  • Django 1.11 before 1.11.28
  • Django 2.2 before 2.2.10
  • Django 3.0 before 3.0.3

漏洞描述

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.

通过特定设计的定界符传递给contrib.postgres.aggregates.StringAgg实例,可以打破转义并注入恶意SQL。

可参考链接:
https://www.openwall.com/lists/oss-security/2020/02/03/1


https://www.djangoproject.com/weblog/2020/feb/03/security-releases/

漏洞解决方案

官方已修复漏洞,具体可参考:

https://www.djangoproject.com/weblog/2020/feb/03/security-releases/

悬赏时间

2020.2.16

悬赏种类

官方悬赏

悬赏问题

该漏洞具体细节以及漏洞证明

悬赏解决方式

在论坛【悬赏细节】版面对于本漏洞进行漏洞分析

悬赏积分

5 酒币

悬赏状态

待解决