The advisory specifically identifies direct use of the HasKey lookup on Oracle as the vulnerable case. The security patches modify the as_oracle method in django/db/models/fields/json.py, which handles Oracle-specific SQL generation. The unpatched version likely concatenated untrusted lhs values directly into SQL queries without proper parameterization, allowing SQL injection. The __has_key syntax, which takes a different code path, is explicitly stated to be unaffected, which further narrows the issue to the direct HasKey implementation.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Django | pip | >= 4.2.0, < 4.2.17 | 4.2.17 |
| Django | pip | >= 5.0.0, < 5.0.10 | 5.0.10 |
| Django | pip | >= 5.1.0, < 5.1.4 | 5.1.4 |
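As an added example (not part of the advisory or of Django itself), the following script checks a Django version string against the affected ranges in the table above and reports the first patched release to upgrade to; the `AFFECTED_RANGES` constant and the helper names are assumptions of this example, copied from the table.

```python
# Added example: map a Django version onto the advisory's affected ranges.
# The ranges below are copied from the table above (lower bound inclusive,
# upper bound exclusive, first patched version); the structure is assumed.
from __future__ import annotations

AFFECTED_RANGES = [
    ("4.2.0", "4.2.17", "4.2.17"),
    ("5.0.0", "5.0.10", "5.0.10"),
    ("5.1.0", "5.1.4", "5.1.4"),
]


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '5.1.3' into (5, 1, 3), padding to three parts so '5.1' == '5.1.0'.

    A pre-release suffix such as '5.1rc1' is dropped and treated as the final
    release, which errs on the side of reporting the version as affected.
    """
    parts: list[int] = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits or 0))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def affected_fix(version: str) -> str | None:
    """Return the first patched version if `version` is in an affected range,
    otherwise None (already patched, or a series the table does not cover)."""
    v = parse_version(version)
    for low, high, fixed in AFFECTED_RANGES:
        if parse_version(low) <= v < parse_version(high):
            return fixed
    return None


if __name__ == "__main__":
    # Check the Django installed in the current environment, if any.
    from importlib.metadata import PackageNotFoundError, version

    try:
        installed = version("Django")
    except PackageNotFoundError:
        print("Django is not installed in this environment")
    else:
        fix = affected_fix(installed)
        print(f"Django {installed}: " + (f"affected, upgrade to {fix}" if fix else "not in an affected range"))
```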