CVE-2021-35042

SQL Injection in pypi/Django

Identifiers

CVE-2021-35042

Package Slug

pypi/Django

Vulnerability

SQL Injection

Description

Django allows SQL injection through QuerySet.order_by() if the order_by argument is untrusted input from a client of the web application.
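The mitigation pattern the description implies, as an added example that is not part of the advisory and not Django's own code: client-supplied sort keys are checked against an allowlist of field names before they are handed to QuerySet.order_by(). The field names, the default ordering and the helper name are assumptions for illustration; the helper is plain Python and runs without Django installed.

```python
import re

# Constructed allowlist: the only model fields a client may sort by (hypothetical names).
ALLOWED_ORDER_FIELDS = {"created", "title", "price"}

# An ordering expression is an optional leading "-" (descending) followed by a field name.
_FIELD_RE = re.compile(r"^-?[A-Za-z_][A-Za-z0-9_]*$")


class UnsafeOrderingError(ValueError):
    """Raised when a client-supplied ordering value is not on the allowlist."""


def safe_order_fields(raw, allowed=ALLOWED_ORDER_FIELDS, default=("-created",)):
    """Return a tuple of ordering expressions that is safe to pass to QuerySet.order_by().

    raw: the untrusted value, e.g. request.GET.get("order"), either a
         comma-separated string or a list of strings. None or "" selects the default.
    Anything that is not a bare allowlisted field (optionally prefixed with "-")
    is rejected rather than forwarded to the ORM.
    """
    if raw is None or raw == "":
        return tuple(default)
    if isinstance(raw, str):
        raw = raw.split(",")

    cleaned = []
    for item in raw:
        item = item.strip()
        # Reject anything with spaces, punctuation, "?" (random ordering) or other syntax.
        if not _FIELD_RE.match(item):
            raise UnsafeOrderingError(f"rejected ordering expression: {item!r}")
        base = item[1:] if item.startswith("-") else item
        # Reject fields the client is not meant to sort by, including "a__b" lookups.
        if base not in allowed:
            raise UnsafeOrderingError(f"field not sortable by clients: {base!r}")
        cleaned.append(item)
    return tuple(cleaned)


if __name__ == "__main__":
    # Constructed sample inputs as a client might send them.
    print(safe_order_fields("-price,title"))   # ('-price', 'title')
    print(safe_order_fields(None))             # ('-created',)
    try:
        safe_order_fields("title; DROP TABLE x")
    except UnsafeOrderingError as exc:
        print("blocked:", exc)
```

In a view this is used as `queryset.order_by(*safe_order_fields(request.GET.get("order")))`, so the ORM only ever sees values the application chose. Upgrading to the fixed releases listed below removes the injection itself; the allowlist additionally stops clients from sorting on fields they should not see, which no framework patch covers.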

Affected Versions

All versions starting from 3.1 before 3.1.13, all versions starting from 3.2 before 3.2.5

Solution

Upgrade to versions 3.1.13, 3.2.5 or above.

Last Modified

2021-07-12
