Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-3024 advisory.

  - Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data     is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted     tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject     malicious SQL. (CVE-2020-9402)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1313 advisory.

    Red Hat Satellite is a systems management tool for Linux-based     infrastructure. It allows for provisioning, remote management, and     monitoring of multiple Linux deployments with a single centralized tool.

    Security Fix(es):

    * foreman: Managing repositories with their id via hammer does not respect the role filters     (CVE-2017-2662)
    * python-psutil: Double free because of refcount mishandling (CVE-2019-18874)
    * candlepin: netty: compression/decompression codecs don't enforce limits on buffer allocation sizes     (CVE-2020-11612)
    * foreman: world-readable OMAPI secret through the ISC DHCP server (CVE-2020-14335)
    * candlepin: resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's     WebApplicationException handling (CVE-2020-25633)
    * python-django: potential SQL injection via tolerance parameter in GIS functions and aggregates on     Oracle (CVE-2020-9402)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page(s) listed in the References section.

    Additional Changes:

    * Usability enhancements to Red Hat's Simple Content Access mode and Satellite

    * Usability improvements to enabling Remote Execution on your hosts.

    * Notifications in the UI to warn users when subscriptions are expiring.

    * Usability enhancements to enable Insights integration with Satellite.

    * Performance improvements to various aspects of the user interface and API.

    * Added support for OpenID Connect for authentication.

    * Usability improvements to the Satellite Installer.

    * Updated Ruby web server to the modern Puma application server which replaces Passenger.

    The items above are not a complete list of changes. This update also fixes     several bugs and adds various enhancements. Documentation for these changes     is available from the Release Notes document linked to in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

- Security fix for CVE-2020-7471.

  - Security fix for CVE-2020-9402.

  - Security fix for CVE-2020-13254.

  - Security fix for CVE-2020-13596.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that Django, a high-level Python web development framework, did not properly sanitize input. This would allow a remote attacker to perform SQL injection attacks, Cross-Site Scripting (XSS) attacks, or leak sensitive information.

The remote host is affected by the vulnerability described in GLSA-202004-17 (Django: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Django. Please review       the CVE identifiers referenced below for details.
  Impact :

    A remote attacker, by sending specially crafted input, could possibly       cause a Denial of Service condition, or alter the database.
  Workaround :

    There is no known workaround at this time.

MITRE CVE reports :

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4296-1 advisory.

    Norbert Szetei discovered that Django incorrectly handled the GIS functions and aggregates on Oracle. A     remote attacker could possibly use this issue to perform an SQL injection attack.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
161614	Debian DLA-3024-1 : python-django - LTS security update	Nessus	Debian Local Security Checks	high
148903	RHEL 7 : Satellite 6.9 Release (Moderate) (RHSA-2021:1313)	Nessus	Red Hat Local Security Checks	critical
137686	Fedora 32 : python-django (2020-c2639662af)	Nessus	Fedora Local Security Checks	critical
137680	Fedora 31 : python-django (2020-2e7d30f7aa)	Nessus	Fedora Local Security Checks	critical
137673	Debian DSA-4705-1 : python-django - security update	Nessus	Debian Local Security Checks	high
136216	GLSA-202004-17 : Django: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
134437	FreeBSD : Django -- potential SQL injection vulnerability (1685144e-63ff-11ea-a93a-080027846a02)	Nessus	FreeBSD Local Security Checks	high
134301	Ubuntu 16.04 LTS / 18.04 LTS : Django vulnerability (USN-4296-1)	Nessus	Ubuntu Local Security Checks	high

Detections

Analytics

CVE-2020-9402

high

Tenable Plugins

high

critical

critical

critical

high

critical

high

high