With Django Debug Toolbar, attackers are able to execute SQL by changing the raw_sql input of the SQL explain, analyze, or select forms and submitting the form.
NOTE: This is a high severity issue for anyone using the toolbar in a production environment.
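The advisory treats the issue as high severity only where the toolbar is reachable in production, so the first thing a practitioner wants is a check that the deployed settings cannot expose it. The following is an added example and is not code from the advisory or from the django-debug-toolbar project: a check over a plain mapping of Django setting values that flags any toolbar-related exposure. The setting names (DEBUG, INSTALLED_APPS, MIDDLEWARE, INTERNAL_IPS), the app label "debug_toolbar" and the middleware path are real; the function names and the sample settings are constructed for this example.

```python
"""Added example, not part of the advisory or the django-debug-toolbar project:
a settings check that flags a Django deployment in which the debug toolbar
could be reachable, the situation the advisory calls high severity.

It inspects a plain mapping of Django setting values, so it can run in CI
without a live project. The setting names, the app label "debug_toolbar" and
the middleware path are real; the functions and the sample settings below are
constructed for this example.
"""
from __future__ import annotations

from typing import Mapping

TOOLBAR_APP = "debug_toolbar"
TOOLBAR_MIDDLEWARE = "debug_toolbar.middleware.DebugToolbarMiddleware"


def toolbar_exposure_findings(settings: Mapping[str, object]) -> list[str]:
    """Describe how django-debug-toolbar could be exposed by these settings.

    Returns an empty list when the toolbar is neither installed nor wired into
    the middleware stack; otherwise one finding per risky setting.
    """
    installed = set(settings.get("INSTALLED_APPS") or ())
    middleware = list(settings.get("MIDDLEWARE") or ())
    findings: list[str] = []

    if TOOLBAR_APP in installed:
        findings.append("INSTALLED_APPS contains debug_toolbar")
    if TOOLBAR_MIDDLEWARE in middleware:
        findings.append("MIDDLEWARE contains DebugToolbarMiddleware")
    if not findings:
        return findings  # toolbar absent: nothing to report

    # The toolbar's default show_toolbar callback only renders when DEBUG is
    # True and the client address is in INTERNAL_IPS, so DEBUG=True turns an
    # installed toolbar into a live attack surface for every listed address.
    if settings.get("DEBUG"):
        findings.append("DEBUG is True, so the installed toolbar is active")
        ips = list(settings.get("INTERNAL_IPS") or ())
        if ips:
            findings.append(f"INTERNAL_IPS exposes the toolbar to {len(ips)} address(es)")
    return findings


def is_safe_for_production(settings: Mapping[str, object]) -> bool:
    """True only when no toolbar-related finding is raised."""
    return not toolbar_exposure_findings(settings)


# Constructed sample settings (not taken from any real project).
SAFE_PRODUCTION_SETTINGS = {
    "DEBUG": False,
    "INSTALLED_APPS": ["django.contrib.admin", "django.contrib.auth", "myapp"],
    "MIDDLEWARE": ["django.middleware.security.SecurityMiddleware"],
    "INTERNAL_IPS": [],
}

EXPOSED_PRODUCTION_SETTINGS = {
    "DEBUG": True,
    "INSTALLED_APPS": ["django.contrib.admin", "debug_toolbar", "myapp"],
    "MIDDLEWARE": [
        "django.middleware.security.SecurityMiddleware",
        "debug_toolbar.middleware.DebugToolbarMiddleware",
    ],
    "INTERNAL_IPS": ["127.0.0.1", "10.0.0.5"],
}

if __name__ == "__main__":
    for name, cfg in (("safe", SAFE_PRODUCTION_SETTINGS), ("exposed", EXPOSED_PRODUCTION_SETTINGS)):
        print(name, "->", toolbar_exposure_findings(cfg) or ["no toolbar findings"])
```

Run it against the settings module a production deployment actually loads (for example by building the mapping from `django.conf.settings`), and fail the pipeline when `is_safe_for_production` returns False. Note that an installed toolbar is reported even with DEBUG off, because a custom show_toolbar callback can enable it regardless of DEBUG; the safe state is for the toolbar not to be installed in production at all.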
Generally the Django Debug Toolbar team only maintains the latest version of django-debug-toolbar, but an exception was made because of the high severity of this issue.
Please upgrade to one of the following versions, depending on the major version you're using:
If you have any questions or comments about this advisory:
* Open an issue in the django-debug-toolbar repo (please NO SENSITIVE INFORMATION; send an email instead!)
* Email us at security@jazzband.co
{
"nvd_published_at": "2021-04-14T18:15:00Z",
"github_reviewed_at": "2021-04-14T22:22:37Z",
"severity": "HIGH",
"cwe_ids": [
"CWE-89"
],
"github_reviewed": true
}