The Vulnerability History Project
Vulnerabilities
Insights
Curate
Tags
All
Projects
CWEs
Languages
Lessons
Severities
Subsystems
More
News
Projects We Study
How to Contribute
By the Numbers
About Us
Toggle Theme
Warning: Our website does not support Internet Explorer, please use Edge instead.
[2.2.x] Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and index lookups against SQL injection.
Thanks to Sage M. Abdullah for the report and initial patch. Thanks Florian Apolloner for reviews.
by
Teresa the Ferret 2019-07-22 08:45:26 UTC
commit 4f5b58f5cd3c57fee9972ab074f8dc6895d8f387
Django
Fix
CVE-2019-14234
django/contrib/postgres/fields/hstore.py
+1
-1
django/contrib/postgres/fields/jsonb.py
+5
-3
docs/releases/1.11.23.txt
-9
docs/releases/2.1.11.txt
-9
docs/releases/2.2.4.txt
-9
tests/postgres_tests/test_hstore.py
+1
-14
tests/postgres_tests/test_json.py
+1
-14
expand_less
The Vulnerability History Project