A SQL injection vulnerability (CVE-2022-34265) has been found in some recent versions of Django, an open-source Python-based web framework. Django fixed the issue in versions 4.0.6 and 3.2.14.
Actions to Consider
If you are using Django, check the version number and how input is handled. If the kind/lookup_name values are constrained to a known safe list, the risk of exploitation is mitigated. Otherwise, if you are using Django 3.2.13 or older, or Django 4.0.5 or older, we recommend patching during your next maintenance cycle.
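The two checks above can be sketched as follows. This is an added example, not code from the Django project or from this advisory: the function names are hypothetical, and the allowlists assume the unit names that the Django documentation lists for the `kind` argument of `Trunc()` and the `lookup_name` argument of `Extract()`.

```python
import re

# Unit names the Django documentation lists for Trunc(kind=...) and
# Extract(lookup_name=...). Trim each set to what the application uses.
TRUNC_KINDS = frozenset({
    "year", "quarter", "month", "week", "day",
    "date", "time", "hour", "minute", "second",
})
EXTRACT_LOOKUPS = frozenset({
    "year", "iso_year", "quarter", "month", "day", "week",
    "week_day", "iso_week_day", "hour", "minute", "second",
})


def parse_version(text):
    """Return (major, minor, patch) from a string such as '4.0.5'."""
    match = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def needs_patch(version_text):
    """True for the versions the advisory names: 4.0.5 or older in the
    4.0 series, 3.2.13 or older otherwise. Pre-release suffixes are ignored."""
    version = parse_version(version_text)
    if version[:2] == (4, 0):
        return version < (4, 0, 6)
    return version < (3, 2, 14)


def checked_choice(value, allowed):
    """Return value only if it is exactly one of the allowed names."""
    if not isinstance(value, str) or value not in allowed:
        raise ValueError("unsupported date/time unit")
    return value


if __name__ == "__main__":
    # Constructed sample inputs.
    for installed in ("3.2.13", "3.2.14", "4.0.5", "4.0.6"):
        print(installed, "needs patch:", needs_patch(installed))
    print(checked_choice("month", TRUNC_KINDS))
```

In a project, pass the output of `django.get_version()` to `needs_patch` and run any request-supplied unit name through `checked_choice` before it reaches `Trunc()` or `Extract()`.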
Event Impact
SQL injection can enable unauthorized access to data and possibly corruption of information in the database, although more specific information on how this vulnerability could be exploited is not yet available.