Django · Django · CVE-2025-64459
**Name of the Vulnerable Software and Affected Versions**
Django versions prior to 4.2.26, prior to 5.1.14, and prior to 5.2.8 (that is, the 4.2.x, 5.1.x and 5.2.x series before their respective fixed releases)
**Description**
Django is vulnerable to SQL injection through the `_connector` keyword argument of `QuerySet.filter()`, `QuerySet.exclude()`, `QuerySet.get()` and the `Q()` class. The issue is reachable when an application expands a user-controlled dictionary into one of these calls (for example `Model.objects.filter(**request.GET.dict())`): a request parameter named `_connector` is then consumed as the connector that joins the remaining filter conditions, and because that value is interpolated into the generated `WHERE` clause as plain text rather than bound as a query parameter, an attacker can change the query logic (for example turning `AND` into `OR`) or append SQL of their own. The filter values themselves are still parameterised; the connector string is the unsafe element. Depending on how the query result is used, this can lead to authentication bypass, data exfiltration and privilege escalation. Earlier, unsupported Django series (such as 5.0.x, 4.1.x and 3.2.x) may also be affected and do not receive security fixes.
**Recommendations**
Update to Django versions 5.2.8, 5.1.14, or 4.2.26.
Audit code for calls to `QuerySet.filter()`, `QuerySet.exclude()`, `QuerySet.get()` and `Q()` that use dictionary expansion (`**kwargs`) on data derived from a request.
Never pass a user-controlled mapping such as `request.GET.dict()` or `request.POST.dict()` directly to QuerySet methods or to `Q()`.
Implement input validation using Django Forms.
Implement an allowlist of accepted filter parameters and discard everything else, including any key beginning with an underscore.
Map each accepted request parameter to a named lookup explicitly (for example `filter(username=value)`) instead of expanding a dictionary into keyword arguments.
Monitor access logs for requests that carry `_connector` or `_negated` parameters; legitimate clients have no reason to send them.
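The injection pattern in the description and the allowlisting and log-monitoring recommendations above, as an added example; this is not code from the advisory or from Django and runs without it. `build_where()` is a deliberately simplified stand-in for the way a WHERE node joins its child conditions with its connector string, `vulnerable_filter()` models a view that does `filter(**request.GET.dict())`, `allowlisted_filter()` is the explicit-mapping alternative, `validate_connector()` shows the kind of check a patched `Q()` needs to apply, and `suspicious_keys_in_log_line()` flags `_connector`/`_negated` in constructed access-log lines. All function names, the `ALLOWED_FILTERS` table, the `SAMPLE_LOG` entries and their log format are assumptions made for this example.

```python
"""Added example for CVE-2025-64459 (not Django's code): how an unchecked
``_connector`` reaches the SQL, and the allowlist / validation / log-check
mitigations recommended above. Assumed names: build_where, vulnerable_filter,
validate_connector, allowlisted_filter, suspicious_keys_in_log_line,
ALLOWED_FILTERS, SAMPLE_LOG."""
from urllib.parse import parse_qs, urlsplit

AND, OR, XOR = "AND", "OR", "XOR"
VALID_CONNECTORS = frozenset({AND, OR, XOR})


def build_where(conditions, connector=AND):
    """Simplified stand-in for a WHERE node (not Django's implementation).

    Each condition becomes ``column = %s`` with its value passed as a bind
    parameter, so values are safe. The connector is plain text joined
    between the conditions: whatever string arrives here ends up in the SQL.
    """
    sql_parts = [f"{column} = %s" for column, _ in conditions]
    params = [value for _, value in conditions]
    return "WHERE (" + f" {connector} ".join(sql_parts) + ")", params


def vulnerable_filter(query_params):
    """Models ``Model.objects.filter(**request.GET.dict())`` on an unpatched
    Django: the ``_connector`` key is consumed as the connector keyword and
    every other key becomes a filter condition."""
    params = dict(query_params)
    connector = params.pop("_connector", AND)   # attacker-controlled text
    params.pop("_negated", None)                # also consumed as a keyword
    return build_where(sorted(params.items()), connector)


def validate_connector(connector):
    """Shape of the upstream hardening as assumed here: refuse any connector
    that is not one of the known logical operators."""
    if connector is None:
        return AND
    if connector not in VALID_CONNECTORS:
        raise ValueError(f"_connector must be one of {sorted(VALID_CONNECTORS)}")
    return connector


# Public parameter name -> ORM lookup (assumed table). Anything not listed is
# ignored, so `_connector`, `_negated` and arbitrary field names never reach
# the ORM.
ALLOWED_FILTERS = {
    "username": "username",
    "status": "status",
}


def allowlisted_filter(query_params):
    """Explicit mapping instead of dictionary expansion: only allowlisted
    parameters become conditions, and the connector is fixed by the code."""
    conditions = [
        (lookup, query_params[public_name])
        for public_name, lookup in ALLOWED_FILTERS.items()
        if public_name in query_params
    ]
    return build_where(conditions, AND)


# Log monitoring: flag requests that carry the Q() keyword names.
SUSPICIOUS_KEYS = frozenset({"_connector", "_negated"})

# Constructed access-log lines in an assumed '<ip> "<request line>" <status>' format.
SAMPLE_LOG = [
    '10.0.0.5 "GET /users/?username=alice HTTP/1.1" 200',
    '10.0.0.9 "GET /users/?username=alice&status=active&_connector=OR%201%3D1%20OR HTTP/1.1" 200',
    '10.0.0.9 "GET /users/?username=alice&_negated=1 HTTP/1.1" 200',
]


def suspicious_keys_in_log_line(line):
    """Return the set of suspicious query-string keys in one access-log line."""
    try:
        request_line = line.split('"')[1]
        target = request_line.split()[1]
    except IndexError:
        return set()
    query_keys = set(parse_qs(urlsplit(target).query, keep_blank_values=True))
    return SUSPICIOUS_KEYS & query_keys


if __name__ == "__main__":
    crafted = {"username": "admin", "status": "active", "_connector": "OR 1=1 OR"}
    print(vulnerable_filter(crafted))    # connector text lands in the SQL
    print(allowlisted_filter(crafted))   # _connector silently dropped
    for entry in SAMPLE_LOG:
        print(suspicious_keys_in_log_line(entry) or "-", entry)
```

With two or more filter conditions the crafted connector is emitted verbatim between them, which is why the allowlist matters even more than the fixed Django release: it removes the attacker's ability to name keyword arguments at all, rather than relying on every keyword being safe.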