CVE-2021-35042

SQL Injection in pypi/Django

Identifier

CVE-2021-35042

Package Slug

pypi/Django

Vulnerability

SQL Injection

Description

Django allows QuerySet.orderby SQL injection if orderby is untrusted input from a client of a web application.

Affected Versions

All versions starting from 3.1 before 3.1.13, all versions starting from 3.2 before 3.2.5

Solution

Upgrade to versions 3.1.13, 3.2.5 or above.

Last Modified

2021-07-12

source