Vulnerabilities > Djangoproject > Django > 2.2.7

DATE CVE VULNERABILITY TITLE RISK
2020-02-03 CVE-2020-7471 SQL Injection vulnerability in Djangoproject Django
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter).
network
low complexity
djangoproject CWE-89
critical
 9.8
9.8
2019-12-18 CVE-2019-19844 Weak Password Recovery Mechanism for Forgotten Password vulnerability in multiple products
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover.
network
low complexity
djangoproject canonical CWE-640
critical
 9.8
9.8
2019-12-02 CVE-2019-19118 Incorrect Default Permissions vulnerability in multiple products
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing.
network
low complexity
djangoproject fedoraproject CWE-276
6.5
6.5