CVE-2021-30459

SQL Injection in pypi/django_debug_toolbar

Identifier

CVE-2021-30459

Package Slug

pypi/django_debug_toolbar

Vulnerability

SQL Injection

Description

A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.

Affected Versions

All versions starting from 0.10.0 before 1.11.1, all versions starting from 2.0.0 before 2.2.1, and all versions starting from 3.0.0 before 3.2.1.

Solution

Upgrade to version 1.11.1, 2.2.1, 3.2.1 or above.

Last Modified

2021-04-30
