PYSEC-2021-10

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/django-debug-toolbar/PYSEC-2021-10.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2021-10
Aliases
Published
2021-04-14T18:15:00Z
Modified
2023-11-01T04:55:16.990476Z
Summary
[none]
Details

A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.

References

Affected packages

PyPI / django-debug-toolbar

Package

Name
django-debug-toolbar
Purl
pkg:pypi/django-debug-toolbar

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.10.0
Fixed
1.11.1
Introduced
2.0
Fixed
2.2.1
Introduced
3.0
Fixed
3.2.1

Affected versions

0.*

0.10.0
0.10.1
0.10.2
0.11
0.11.0

1.*

1.0
1.0.1
1.1
1.2
1.2.1
1.2.2
1.3.0
1.3.1
1.3.2
1.4
1.5
1.6
1.7
1.8
1.9
1.9.1
1.10
1.10.1
1.11

2.*

2.0
2.1
2.2

3.*

3.0
3.1
3.1.1
3.2a1
3.2