
Eyalsec

Rank #31748 of 53,625 · Total CVSS 8.1 · Vulnerabilities: 1
PT-2025-35820 · CVSS 8.1 · 2025-03-09 · Django / Django · CVE-2025-57833
**Name of the Vulnerable Software and Affected Versions**

- Django versions prior to 4.2.24
- Django versions prior to 5.1.12
- Django versions prior to 5.2.6

**Description**

An issue was discovered in Django's FilteredRelation feature that leads to SQL injection through column aliases. The alias of a `FilteredRelation` is the keyword name under which it is passed to `QuerySet.annotate()` or `QuerySet.alias()`. When an application builds that keyword dictionary from untrusted input and passes it with dictionary expansion (`**kwargs`), a crafted key is used as the alias and reaches the generated SQL. An attacker who controls such a key can manipulate the query and read data it was not meant to expose. The injection requires that alias names originate from untrusted input; hard-coded alias names cannot be crafted by an attacker, but affected deployments should still upgrade. The tracker estimates roughly 8.4 million affected services.

**Recommendations**

- Django versions prior to 4.2.24: upgrade to version 4.2.24 or later.
- Django versions prior to 5.1.12: upgrade to version 5.1.12 or later.
- Django versions prior to 5.2.6: upgrade to version 5.2.6 or later.
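The mechanism described above, as an added example that is not part of this page or of Django's code base. It runs without Django installed: `FilteredRelation` is a stand-in dataclass, `render_filtered_join` is a toy model of the join alias being emitted verbatim (not Django's SQL compiler), `FORBIDDEN_ALIAS_PATTERN` is reproduced from memory of `Query.check_alias()` and is an assumption, and `annotate_fixed` shows the assumed shape of the upstream fix (running the alias through that check). `annotations_from_request` is the application-side allow-list a practitioner would add regardless of Django version, and the attacker input is constructed.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class FilteredRelation:
    """Stand-in for django.db.models.FilteredRelation (constructed for this
    example). In Django the condition is a Q object; here it is SQL text."""
    relation_name: str
    condition: str


# Deny-list used by Django's Query.check_alias() for annotate()/alias() names
# (reproduced from memory as an assumption, not imported from Django).
FORBIDDEN_ALIAS_PATTERN = re.compile(r"['`\"\]\[;\s]|--|/\*|\*/")

# Application-level allow-list: a plain identifier and nothing else. Apply it
# to every alias that originates outside the code base, on any Django version.
SAFE_ALIAS = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,62}$")


def check_alias(alias: str) -> str:
    """Framework-style check: reject quoting, whitespace and comment tokens."""
    if FORBIDDEN_ALIAS_PATTERN.search(alias):
        raise ValueError(
            "Column aliases cannot contain whitespace characters, quotation "
            f"marks, semicolons, or SQL comments: {alias!r}"
        )
    return alias


def is_safe_alias(alias: str) -> bool:
    """Application-level allow-list check."""
    return SAFE_ALIAS.fullmatch(alias) is not None


def render_filtered_join(alias: str, rel: FilteredRelation) -> str:
    """Toy rendering of the LEFT OUTER JOIN a FilteredRelation produces. The
    alias is a join alias and lands in the SQL unquoted; that verbatim
    emission is the sink. Simplified model, not Django's compiler."""
    return f'LEFT OUTER JOIN "{rel.relation_name}" {alias} ON ({rel.condition})'


def annotate_vulnerable(**kwargs: FilteredRelation) -> dict:
    """Pre-fix behaviour: keys supplied through dict expansion become aliases
    with no validation at all."""
    return {a: render_filtered_join(a, rel) for a, rel in kwargs.items()}


def annotate_fixed(**kwargs: FilteredRelation) -> dict:
    """Post-fix behaviour (assumed shape): every FilteredRelation alias passes
    through check_alias before it can reach the SQL."""
    return {check_alias(a): render_filtered_join(a, rel) for a, rel in kwargs.items()}


def annotations_from_request(params: dict) -> dict:
    """Hardened application pattern: allow-list every key of an untrusted
    dict before it is ever expanded into annotate()/alias() kwargs."""
    bad = [k for k in params if not is_safe_alias(k)]
    if bad:
        raise ValueError(f"rejected aliases: {bad!r}")
    return {
        alias: FilteredRelation("app_book", f'"app_book"."author_id" = {int(author_id)}')
        for alias, author_id in params.items()
    }


# Constructed attacker-controlled alias: whitespace plus a comment token that
# would truncate the ON clause of the generated join.
ATTACKER_ALIAS = "books ON 1=1 --"
REL = FilteredRelation("app_book", '"app_book"."author_id" = 1')


def demo() -> dict:
    """Run the vulnerable, fixed and hardened paths on the constructed input."""
    vulnerable_sql = annotate_vulnerable(**{ATTACKER_ALIAS: REL})[ATTACKER_ALIAS]
    try:
        annotate_fixed(**{ATTACKER_ALIAS: REL})
        fixed_rejects = False
    except ValueError:
        fixed_rejects = True
    try:
        annotations_from_request({ATTACKER_ALIAS: "1"})
        app_rejects = False
    except ValueError:
        app_rejects = True
    return {"vulnerable_sql": vulnerable_sql,
            "fixed_rejects": fixed_rejects,
            "app_rejects": app_rejects}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that `f(**{"books ON 1=1 --": ...})` is accepted by Python whenever `f` takes `**kwargs`, which is exactly why dictionary expansion is the delivery vehicle: nothing at the language level forces a keyword name to be an identifier. Upgrading closes the framework-side gap; the allow-list in `annotations_from_request` keeps untrusted strings out of alias position entirely, which is the control you want even after upgrading.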