Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-07-02T09:54:11
Updated: 2024-08-04T00:33:49.895Z
Reserved: 2021-06-18T00:00:00
Link: CVE-2021-35042
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-07-02T10:15:07.653
Modified: 2024-11-21T06:11:43.993
Link: CVE-2021-35042
Redhat