CVE-2021-30459, GHSA-pghf-347x-c2gj
pypi/django-debug-toolbar
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.
All versions starting from 0.10.0 before 1.11.1, all versions starting from 2.0.0 before 2.2.1, all versions starting from 3.0.0 before 3.2.1
Upgrade to versions 1.11.1, 2.2.1, 3.2.1 or above.
2022-01-10
source |