QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and
QuerySet.extra() methods were subject to SQL injection in column aliases, using
a suitably crafted dictionary, with dictionary expansion, as the **kwargs
passed to these methods on MySQL and MariaDB.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-59681
Upstream-patch:
38d9ef8c7b
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
FilteredRelation was subject to SQL injection in column aliases, using a
suitably crafted dictionary, with dictionary expansion, as the **kwargs
passed QuerySet.annotate() or QuerySet.alias().
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-57833
Upstream-patch:
31334e6965
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64460
Backport the patch that explicitly references this CVE in its
commit message.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
