PT-2025-35820 · Django +3

Eyal Gabay +1 · Published 2025-09-03 · Updated 2025-09-06 · CVE-2025-57833

CVSS v3.1: 7.1 (Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N)

**Name of the Vulnerable Software and Affected Versions:**

Django versions prior to 4.2.24

Django versions prior to 5.1.12

Django versions prior to 5.2.6

**Description:**

An issue has been discovered in Django’s FilteredRelation feature, allowing SQL injection in column aliases when a crafted dictionary is passed via dictionary expansion (`**kwargs`) to `QuerySet.annotate()` or `QuerySet.alias()`. This vulnerability could allow an attacker to manipulate queries and potentially access sensitive data. Approximately 8.4 million services are estimated to be affected yearly.
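The weakness described above is that alias names arriving through `**kwargs` expansion were accepted as SQL column aliases without validation. As an added defensive example (not Django's code and not part of this advisory), the wrapper below checks every user-chosen alias against a strict identifier rule and maps only server-defined expressions into the kwargs handed to `annotate()`/`alias()`; the forbidden-character pattern is modelled from memory on Django's own alias check and is an assumption, not a quotation of it.

```python
import re

# Conservative identifier rule: ASCII letter or underscore, then letters, digits or
# underscores. Stricter than SQL; a name that fails is rejected, never quoted.
SAFE_ALIAS = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

# Defence in depth: sequences that must never appear in an alias. Assumption: modelled
# from memory on the forbidden-alias pattern Django applies to annotation names.
FORBIDDEN_IN_ALIAS = re.compile(r"['`\"\]\[;\s]|--|/\*|\*/")


class UnsafeAliasError(ValueError):
    """Raised when a user-supplied alias cannot be used as a SQL identifier."""


def check_alias(alias):
    """Return alias unchanged if it is a safe identifier, otherwise raise."""
    if not isinstance(alias, str) or not alias:
        raise UnsafeAliasError("alias must be a non-empty string")
    if FORBIDDEN_IN_ALIAS.search(alias) or not SAFE_ALIAS.match(alias):
        raise UnsafeAliasError("unsafe alias rejected: %r" % (alias,))
    return alias


def is_safe_alias(alias):
    """Boolean form of check_alias, handy for filtering and tests."""
    try:
        check_alias(alias)
    except UnsafeAliasError:
        return False
    return True


def build_annotations(requested, allowed):
    """Turn untrusted {alias: expression_key} input into annotate() kwargs.

    `allowed` maps expression keys to the ORM expressions (FilteredRelation, F(),
    aggregates) the view is willing to expose. Only validated aliases and the
    server's own expressions reach QuerySet.annotate(**result).
    """
    result = {}
    for alias, expr_key in requested.items():
        check_alias(alias)
        if expr_key not in allowed:
            raise UnsafeAliasError("unknown expression key: %r" % (expr_key,))
        result[alias] = allowed[expr_key]
    return result
```

Upgrading remains the actual fix; this wrapper only keeps untrusted keys out of dynamically built annotation kwargs in application code.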

**Recommendations:**

Django versions prior to 4.2.24: Upgrade to version 4.2.24 or later.

Django versions prior to 5.1.12: Upgrade to version 5.1.12 or later.

Django versions prior to 5.2.6: Upgrade to version 5.2.6 or later.

Tags: Fix · RCE · SQL injection

**Related Identifiers:**

CVE-2025-57833
USN-7736-1

**Affected Products:**

Debian
Django
Linuxmint
Ubuntu