CVE-2021-30459

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in pypi/django-debug-toolbar

Identifiers

CVE-2021-30459, GHSA-pghf-347x-c2gj

Package Slug

pypi/django-debug-toolbar

Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Description

A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.

Affected Versions

All versions starting from 0.10.0 before 1.11.1, all versions starting from 2.0.0 before 2.2.1, all versions starting from 3.0.0 before 3.2.1

Solution

Upgrade to version 1.11.1, 2.2.1 or 3.2.1 (the fixed release of the affected 1.x, 2.x and 3.x series respectively), or to any later release.
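The affected ranges above are half-open (the lower bound is affected, the fixed release is not), and a pinned requirement or an installed package has to be compared against all three series. The following script is an added example, not code from the advisory or from the django-debug-toolbar project: it encodes the advisory's ranges, checks a version string against them, and scans pinned `requirements.txt` lines for a vulnerable pin. It assumes, beyond what the advisory states, that a pre-release of a fixed version (such as `3.2.1rc1`) should still be treated as unfixed; the sample requirements text is constructed for the demonstration.

```python
import re
from importlib.metadata import PackageNotFoundError, version as installed_version
from typing import List, Optional, Tuple

# Affected ranges from the advisory: lower bound inclusive, upper bound exclusive.
# The upper bound of each range is the fixed release for that series.
AFFECTED_RANGES = [
    ("0.10.0", "1.11.1"),
    ("2.0.0", "2.2.1"),
    ("3.0.0", "3.2.1"),
]

VersionKey = Tuple[Tuple[int, int, int], int]


def version_key(version: str) -> VersionKey:
    """Turn 'X.Y.Z[suffix]' into a sortable key.

    Numeric parts are zero-padded to three components. A pre-release suffix
    (a/b/rc/dev, e.g. '3.2.1rc1') sorts below the final release, so a release
    candidate of the fixed version is still reported as affected. That choice
    is an assumption of this example, not something the advisory states.
    """
    m = re.match(r"^\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?(.*)$", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    nums = tuple(int(g) if g is not None else 0 for g in m.groups()[:3])
    suffix = m.group(4).strip().lower()
    is_final = 0 if re.match(r"^[.\-]?(a|b|rc|dev)", suffix) else 1
    return nums, is_final  # type: ignore[return-value]


def fixed_version_for(version: str) -> Optional[str]:
    """Return the fixed release for `version`'s series if it is affected, else None."""
    key = version_key(version)
    for lower, fixed in AFFECTED_RANGES:
        if version_key(lower) <= key < version_key(fixed):
            return fixed
    return None


def is_affected(version: str) -> bool:
    return fixed_version_for(version) is not None


# Matches an exact pin such as "django-debug-toolbar==3.2.0"; extras, markers
# and trailing comments are ignored.
REQ_LINE = re.compile(r"^\s*(django[-_]debug[-_]toolbar)\s*==\s*([^\s;#]+)", re.IGNORECASE)


def check_requirements(text: str) -> List[Tuple[str, bool, Optional[str]]]:
    """Scan pinned requirements text; returns (pinned_version, affected, fix) per match."""
    results = []
    for line in text.splitlines():
        m = REQ_LINE.match(line)
        if m:
            pinned = m.group(2)
            fix = fixed_version_for(pinned)
            results.append((pinned, fix is not None, fix))
    return results


def check_installed() -> Optional[Tuple[str, bool]]:
    """Check the version installed in the current environment, if any."""
    try:
        v = installed_version("django-debug-toolbar")
    except PackageNotFoundError:
        return None
    return v, is_affected(v)


# Constructed sample requirements file for the demonstration (not from the advisory).
SAMPLE_REQUIREMENTS = """\
django==3.2.7
# pinned below the fix for the 3.x series
django-debug-toolbar==3.2.0
"""

if __name__ == "__main__":
    for pinned, affected, fix in check_requirements(SAMPLE_REQUIREMENTS):
        status = f"affected, upgrade to {fix}" if affected else "not affected"
        print(f"django-debug-toolbar=={pinned}: {status}")
    found = check_installed()
    print("installed:", found if found else "not installed in this environment")
```

Only exact `==` pins are inspected; a range specifier such as `>=3.0` cannot be judged from the file alone, so resolve the lock file or query the installed distribution (as `check_installed` does) for those.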

Last Modified

2022-01-10
