Environment
GroupWise Mobility 24.x
Situation
The django version thats installed with GMS is version 4.2.6 which has a security issue reported as CVE-2024-53908.
GMS however is not vulnerable to this issue because of the following:
1. The CVE is limited to applications with direct usage of django.db.models.fields.json.HasKey using untrusted data, applications that use jsonfield.has_key are unaffected.
GMS only uses jsonfield.has_key, and is therefore not vulnerable to the attack.
2. The attack is limited to when an Oracle database is used, we use PostgreSQL and we don't support an Oracle database with GMS.