Django has released a security fix for a High severity SQL injection vulnerability (CVE-2022-34265) in Django 4.0.6 and 3.2.14.
Django is a free and open-source, Python-based web framework that enables rapid development of secure and maintainable websites. It is maintained by the Django Software Foundation,
According to a Django security update, a potential SQL injection vulnerability CVE-2022-34265 exists via Trunc(kind) and Extract(lookup_name) arguments.
“Trunc() and Extract() database functions were subject to SQL injection if untrusted data was used as a kind/lookup_name value,” Django stated in the advisory.