Developers have published corrective releases of Django framework 4.0.6 and 3.2.14, which fixed vulnerability CVE-2022-34265.
It potentially allowed you to perform substitution of your SQL code.
The potential SQL Injection vulnerability existed in the main Django branch, as well as in versions 4.1 (currently in beta), 4.0, and 3.2. The problem affected applications using unverified external data in the kind and lookupname parameters passed to the Trunc(kind) and Extract(lookupname) functions.
In Release 4.1, the developers will further harden the security of the extract and truncate date methods. However, the changes in the API will break compatibility with third-party database backends.