CVE-2024-27105: Unvalidated Dict To Query Object
Provally Curated | Public repository | High | Medium confidence | Verified | Apache-2.0 | python
greprules fetch cve-2024-27105-unvalidated-dict-to-query-object --engine opengrep
Description
Dictionary keys are directly passed to query object constructors without validation. This can lead to SQL injection or authorization bypass if attackers can supply arbitrary functions as keys.
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided