Security Advisory

CVE-2021-35042

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-07-02 09:54:11

Last updated 2024-08-04 00:33:49

Assigner mitre

State PUBLISHED

Description

Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.

← Browse all CVEs View on cve.org ↗