CVE-2021-30459

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-30459

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-30459.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-30459

Aliases

Related

Published

2021-04-14T18:15:14Z

Modified

2025-01-08T08:02:56.664846Z

Downstream

openSUSE-SU-2024:11225-1

openSUSE-SU-2024:14137-1

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.

References

Affected packages

Git / github.com/jazzband/django-debug-toolbar

Affected ranges

Type: GIT
Repo: https://github.com/jazzband/django-debug-toolbar
Events: Introduced

dab9a28e6d80aa65f595c0bb48846aa6018f0473

Fixed

bc08f692742981b4155818639d6f40df76d1cee5

Affected versions

0.*

0.10.0

0.10.1

0.10.2

1.*

1.0

1.0.1

1.1

1.10

1.10.1

1.11

1.2

1.2.1

1.2.2

1.3

1.3.2

1.4

1.5

1.6

1.7

1.8

1.9

1.9.1