Django · Django · CVE-2026-1312
**Name of the Vulnerable Software and Affected Versions**
Django versions 6.0 through 6.0.1
Django versions 5.2 through 5.2.10
Django versions 4.2 through 4.2.27
Django versions 5.0.x and earlier
Django versions 4.1.x and earlier
Django versions 3.2.x and earlier
**Description**
The `QuerySet.order_by()` method is susceptible to SQL injection when column aliases contain periods, in particular when a crafted dictionary is expanded (dictionary expansion) into a `FilteredRelation` and the same alias is reused. Earlier, unsupported Django series, including 5.0.x, 4.1.x, and 3.2.x, may also be affected.
**Recommendations**
Update to Django version 6.0.2 or later.
Update to Django version 5.2.11 or later.
Update to Django version 4.2.28 or later.
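As an added example (not Django's own code, and not part of this advisory), here are two checks a team can apply while rolling the fix out: a version test against the fixed releases named above, and an allowlist filter that rejects any ordering field or alias containing a period or other punctuation before it reaches `order_by()` or a `FilteredRelation`. The function names, the allowed-field set and the decision to treat every unsupported series as affected are assumptions; the block does not import Django, so it runs stand-alone.

```python
import re
from typing import Iterable

# Fixed releases named in the advisory, keyed by (major, minor) series.
FIXED_IN = {(6, 0): (6, 0, 2), (5, 2): (5, 2, 11), (4, 2): (4, 2, 28)}

# Identifiers Django itself would accept: letters, digits and underscores only.
# Double underscores ("author__name") are fine; a period is never legitimate here.
SAFE_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def parse_version(text: str) -> tuple[int, ...]:
    """Parse 'X.Y' or 'X.Y.Z' into a tuple of ints; 'X.Y' means 'X.Y.0'."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Django version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def affected_by_cve_2026_1312(version: str) -> bool:
    """True when this Django version still needs the fix.

    Supported series are compared against the fixed release; any other
    series is unsupported and, per the advisory, may also be affected,
    so it is reported as affected (assumption: fail closed).
    """
    parsed = parse_version(version)
    fixed = FIXED_IN.get(parsed[:2])
    if fixed is None:
        return True
    return parsed < fixed


def safe_order_by_fields(requested: Iterable[str], allowed: set[str]) -> list[str]:
    """Filter user-supplied ordering names before they reach order_by().

    A leading '-' (descending) is kept; the bare name must match SAFE_NAME
    and be in the caller's allowlist, otherwise the request is rejected.
    """
    cleaned = []
    for item in requested:
        name = item[1:] if item.startswith("-") else item
        if not SAFE_NAME.match(name) or name not in allowed:
            raise ValueError(f"rejected ordering field: {item!r}")
        cleaned.append(item)
    return cleaned
```

In a view, `queryset.order_by(*safe_order_by_fields(request.GET.getlist("sort"), ALLOWED))` keeps user input from ever becoming a raw alias; the same `SAFE_NAME` check applies to any alias you pass to `FilteredRelation`.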