mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00

[5.1.x] Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields.

Thanks Eyal (eyalgabay) for the report.
Simon Charette
2024-07-25 12:19:13 -04:00
committed by Sarah Boyce
parent bd807c0c25
commit e2583fbc2e
5 changed files with 38 additions and 2 deletions


@@ -111,3 +111,10 @@ class UUID(models.Model):
class Text(models.Model):
name = models.TextField()
class JSONFieldModel(models.Model):
data = models.JSONField(null=True)
class Meta:
required_db_features = {"supports_json_field"}
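
Review bot: JSONFieldModel, added at the end of this hunk, carries no comment tying it to the CVE-2024-42005 regression it supports. A one-line comment above the class would tell later readers why a model with a single nullable JSONField lives in this models module. Separately, Meta.required_db_features = {"supports_json_field"} means the table is not created on backends without JSON field support, so any test that queries this model needs the matching skipUnlessDBFeature("supports_json_field") guard; otherwise it will error on those backends instead of being skipped.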