http://shivasurya.me/categories/django/Recent content in Django on ShivasuryaHugoen-usFri, 07 Nov 2025 00:00:00 +0000http://shivasurya.me/2025/11/07/django-sql-injection-CVE-2025-64459/Fri, 07 Nov 2025 00:00:00 +0000http://shivasurya.me/2025/11/07/django-sql-injection-CVE-2025-64459/<h2 id="vulnerability-overview">Vulnerability Overview</h2> <p>Yesterday I came across this CVE-2025-64459 and I was bit skeptical about the severity of the issue as it was marked as critical. So I decided to do a deep dive into the issue and see if it was a real issue or not. Turns out it was a real issue only if you&rsquo;re meeting the following conditions:</p> <ol> <li> <p>You&rsquo;re using Django Affected versions</p> <ul> <li><code>&gt;= 5.2a1, &lt; 5.2.8</code></li> <li><code>&gt;= 5.0a1, &lt; 5.1.14</code></li> <li><code>&lt; 4.2.26</code></li> </ul> </li> <li> <p>Source: request.GET or request.POST dict</p>