What is CVE-2020-9402?

CVE-2020-9402 is a vulnerability in N/a. Published 2020-03-05.

Is CVE-2020-9402 known to be exploited?

34 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-9402

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions…

EPSS: 0.850 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

docs.djangoproject.com/en/3.0/releases/security/ (x_refsource_MISC)
groups.google.com/forum/ (x_refsource_MISC)
www.djangoproject.com/weblog/2020/mar/04/security-releases/ (x_refsource_CONFIRM)
USN-4296-1 (vendor-advisory, x_refsource_UBUNTU)
security.netapp.com/advisory/ntap-20200327-0004/ (x_refsource_CONFIRM)
GLSA-202004-17 (vendor-advisory, x_refsource_GENTOO)
DSA-4705 (vendor-advisory, x_refsource_DEBIAN)
FEDORA-2020-c2639662af (vendor-advisory, x_refsource_FEDORA)
FEDORA-2020-2e7d30f7aa (vendor-advisory, x_refsource_FEDORA)
[debian-lts-announce] 20220526 [SECURITY] [DLA 3024-1] python-django security update (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2020-9402?: CVE-2020-9402 is a vulnerability in N/a. Published 2020-03-05.
Is CVE-2020-9402 known to be exploited?: 34 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.