[Snyk:High] SQL Injection Django - due (03/27/2026)

### Overview
[Django](https://pypi.org/project/Django/) is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to SQL Injection via the band index parameter band_lhs in check_raster lookups when using PostGIS. An attacker can execute arbitrary SQL commands by supplying crafted input to this parameter.


https://app.snyk.io/vuln/SNYK-PYTHON-DJANGO-15183335

### Security information
Factors contributing to the scoring:
Snyk: [CVSS v4.0 7.7](https://security.snyk.io/vuln/SNYK-PYTHON-DJANGO-15183335) - High Severity | [CVSS v3.1 7.5](https://security.snyk.io/vuln/SNYK-PYTHON-DJANGO-15183335) - High Severity
NVD: Not available. NVD has not yet published its analysis.
[Why are the scores different? Learn how Snyk evaluates vulnerability scores](https://docs.snyk.io/features/fixing-and-prioritizing-issues/issue-management/severity-levels#understanding-snyks-vulnerability-analysis)


### Action item:
- [ ] Upgrade django to version 5.2.11 or 6.0.2

### Completion criteria:
- [ ] The Django package has been updated, and the Snyk vulnerability has been remediated.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk:High] SQL Injection Django - due (03/27/2026) #6981

Overview

Security information

Action item:

Completion criteria:

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Snyk:High] SQL Injection Django - due (03/27/2026) #6981

Description

Overview

Security information

Action item:

Completion criteria:

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions