CVE-2021-30459: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.
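As an added illustration of the defect class described above (not the toolbar's own code): a signed SQL form is only as strong as the binding between the signature and the string that actually gets executed. The vulnerable variant below assumes, for illustration, an integrity tag computed over a display field while the executed text is taken from raw_sql; the fixed variant binds the tag to raw_sql itself. The secret, table and queries are constructed for the example.

```python
import hashlib
import hmac
import sqlite3
from typing import Callable, List, Optional

# Constructed secret for the illustration; a Django deployment would use SECRET_KEY.
SECRET_KEY = b"constructed-illustration-secret"


def sign(value: str) -> str:
    """HMAC-SHA256 tag over a string submitted with the form."""
    return hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()


def verify_form_unsafe(form: dict) -> bool:
    """Vulnerable pattern (assumed for illustration): the tag is checked against
    the display field 'sql', but the query that is executed comes from
    'raw_sql', which the check never covers. An edited raw_sql passes."""
    return hmac.compare_digest(form["hash"], sign(form["sql"]))


def verify_form_fixed(form: dict) -> bool:
    """Hardened pattern: bind the tag to the exact string that will be run."""
    return hmac.compare_digest(form["hash"], sign(form["raw_sql"]))


def run_explain(form: dict, verify: Callable[[dict], bool]) -> Optional[List]:
    """Refuse to execute unless the integrity check passes, then run EXPLAIN on
    the submitted query the way an SQL panel would. None means rejected."""
    if not verify(form):
        return None
    conn = sqlite3.connect(":memory:")  # constructed schema for the example
    conn.execute("CREATE TABLE app_user (id INTEGER PRIMARY KEY, name TEXT)")
    return conn.execute("EXPLAIN QUERY PLAN " + form["raw_sql"]).fetchall()


def build_form(sql: str) -> dict:
    """What the server renders: the recorded query plus its integrity tag."""
    return {"sql": sql, "raw_sql": sql, "hash": sign(sql)}


def edited_copy(form: dict, new_raw_sql: str) -> dict:
    """A form whose raw_sql field was changed client-side; sql and hash untouched."""
    return {**form, "raw_sql": new_raw_sql}
```

Only the fixed verifier rejects a form whose raw_sql no longer matches what the server signed.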
References
- cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30459
- github.com/advisories/GHSA-pghf-347x-c2gj
- github.com/jazzband/django-debug-toolbar/releases
- github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj
- nvd.nist.gov/vuln/detail/CVE-2021-30459
- www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/