CVE-2024-53908: Django Potential SQL injection in `HasKey(lhs, rhs)` on Oracle
Severity: High
## Vulnerability Details
I've found a potential SQL Injection vulnerability and reported it to the Django team. You can find detailed information at the following link:
- https://www.djangoproject.com/weblog/2024/dec/04/security-releases/
- https://nvd.nist.gov/vuln/detail/CVE-2024-53908
Direct usage of the `django.db.models.fields.json.HasKey` lookup on Oracle is subject to SQL injection if untrusted data is used as an lhs value. Applications that use the `jsonfield.has_key` lookup through the `__` syntax are unaffected.
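An added example, not code from the report or from Django: a stdlib-only source scanner that flags direct `HasKey(...)` calls whose lhs is not a string literal or a field-reference call, the risky pattern described above, so reviewers can find such constructions before they reach an Oracle backend. `SAMPLE`, the `Doc` model and the `SAFE_LHS_CALLS` allowlist are constructed assumptions; the sample is parsed, never executed.

```python
import ast

# Constructors assumed to yield a field reference rather than raw user data.
SAFE_LHS_CALLS = {"F", "KeyTransform", "Col"}


def _call_name(node):
    """Return the simple name of a call target: HasKey(...) or json.HasKey(...)."""
    fn = node.func
    if isinstance(fn, ast.Name):
        return fn.id
    if isinstance(fn, ast.Attribute):
        return fn.attr
    return None


def _is_trusted_lhs(node):
    """A string literal or an allowlisted field-reference call is treated as trusted."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return True
    return isinstance(node, ast.Call) and _call_name(node) in SAFE_LHS_CALLS


def find_risky_has_key(source):
    """Return (lineno, lhs_source) for every HasKey(...) call whose lhs is not trusted."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and _call_name(node) == "HasKey" and node.args:
            lhs = node.args[0]
            if not _is_trusted_lhs(lhs):
                findings.append((node.lineno, ast.unparse(lhs)))
    return findings


# Constructed sample source; only parsed, never executed (Doc is a hypothetical model).
SAMPLE = '''
from django.db.models.fields.json import HasKey

def safe(request):
    # Untrusted key sits in the rhs, bound as a query parameter; lhs is the fixed field.
    return Doc.objects.filter(data__has_key=request.GET["k"])

def risky(request):
    # Untrusted data in the lhs (expression) position: the case the advisory warns about.
    return Doc.objects.filter(HasKey(request.GET["field"], "k"))
'''
```

Running `find_risky_has_key(SAMPLE)` reports only the `risky` function's call; the `__has_key` form is never flagged because it contains no direct `HasKey` construction.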
## Impact
This vulnerability could allow an attacker to execute arbitrary SQL commands, leading to unauthorized access, data manipulation, or information disclosure. The issue affects Django when the `HasKey` lookup is used directly on Oracle databases.
## Report Stats
- Report ID: 2882887
- State: Closed
- Substate: resolved
- Upvotes: 2