CVE-2021-35042
pypi/Django
SQL Injection
Django allows QuerySet.orderby SQL injection if orderby is untrusted input from a client of a web application.
All versions starting from 3.1 before 3.1.13, all versions starting from 3.2 before 3.2.5
Upgrade to versions 3.1.13, 3.2.5 or above.
2021-07-12
source |