CVE-2021-30459
SQL Injection in django-debug-toolbar
9.8
CRITICAL
CVSS 3.1
EPSS 0.17%
Description
A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.
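The example below is added here and is not the project's own code. It models the pattern the description points at: a debug form that carries a display copy of a query (`sql`), the executable query (`raw_sql`), its parameters and an integrity hash, where the vulnerable handler only verifies the hash over the display copy and then executes whatever `raw_sql` the client sent. The hardened handler signs exactly the fields it executes. The HMAC construction, field names other than `raw_sql`, the `SECRET_KEY` value, the SQLite backend and the `?` placeholder style are assumptions for illustration, not a description of django-debug-toolbar's internals.

```python
import hashlib
import hmac
import json
import sqlite3

# Constructed stand-in for a Django project's settings.SECRET_KEY.
SECRET_KEY = b"constructed-example-secret-key"


def sign_display_sql(sql: str) -> str:
    """Vulnerable pattern: the MAC covers only the human-readable `sql` field."""
    return hmac.new(SECRET_KEY, sql.encode(), hashlib.sha256).hexdigest()


def sign_executed_sql(raw_sql: str, params_json: str) -> str:
    """Hardened pattern: the MAC covers exactly what the server will execute."""
    mac = hmac.new(SECRET_KEY, digestmod=hashlib.sha256)
    mac.update(raw_sql.encode())
    mac.update(b"\x00")  # delimiter so (a+b, c) and (a, b+c) cannot collide
    mac.update(params_json.encode())
    return mac.hexdigest()


def build_form(raw_sql: str, params: list, hardened: bool) -> dict:
    """Server side: the hidden fields a debug panel would embed for one logged query."""
    params_json = json.dumps(params)
    display_sql = raw_sql
    for value in params:
        display_sql = display_sql.replace("?", repr(value), 1)
    sig = (sign_executed_sql(raw_sql, params_json) if hardened
           else sign_display_sql(display_sql))
    return {"sql": display_sql, "raw_sql": raw_sql, "params": params_json, "hash": sig}


def handle_select(form: dict, conn: sqlite3.Connection, hardened: bool) -> list:
    """Server side: verify the submitted form, then run raw_sql with params."""
    if hardened:
        expected = sign_executed_sql(form["raw_sql"], form["params"])
    else:
        expected = sign_display_sql(form["sql"])  # never looks at raw_sql
    if not hmac.compare_digest(form["hash"], expected):
        raise PermissionError("Tampered hash")
    cur = conn.execute(form["raw_sql"], json.loads(form["params"]))
    return cur.fetchall()


def make_db() -> sqlite3.Connection:
    """Constructed in-memory database standing in for the application's DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE auth_user (id INTEGER, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO auth_user VALUES (?, ?, ?)",
                     [(1, "alice", "pbkdf2$alice"), (2, "bob", "pbkdf2$bob")])
    conn.execute("CREATE TABLE blog_post (id INTEGER, title TEXT)")
    conn.execute("INSERT INTO blog_post VALUES (1, 'hello')")
    return conn


def legitimate(hardened: bool) -> list:
    """A user resubmits the form unchanged: both handlers run the original query."""
    conn = make_db()
    form = build_form("SELECT title FROM blog_post WHERE id = ?", [1], hardened)
    return handle_select(form, conn, hardened)


def attack(hardened: bool):
    """Attacker keeps `sql` and `hash` from the legitimate form but swaps raw_sql."""
    conn = make_db()
    form = build_form("SELECT title FROM blog_post WHERE id = ?", [1], hardened)
    form["raw_sql"] = "SELECT username, password FROM auth_user"
    form["params"] = "[]"
    try:
        return handle_select(form, conn, hardened)
    except PermissionError as exc:
        return str(exc)


if __name__ == "__main__":
    print("vulnerable:", attack(hardened=False))  # dumps auth_user rows
    print("hardened:  ", attack(hardened=True))   # Tampered hash
```

The point to carry into review of any similar "re-run this query" feature: an integrity check is only as good as its coverage, so sign the exact bytes that reach `execute()` (statement, parameters and database alias), compare in constant time, and treat a mismatch as a hard failure rather than a fallback to the unsigned input.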
How to fix CVE-2021-30459
To remediate CVE-2021-30459, upgrade the affected package to the fixed release for the branch you are on:
- 1.x: upgrade to 1.11.1 or later
- 2.x: upgrade to 2.2.1 or later
- 3.x: upgrade to 3.2.1 or later
The SQL panel is only reachable when the toolbar is actually served to the client, which its default show_toolbar callback permits only with DEBUG enabled and the client address listed in INTERNAL_IPS; projects that relax that check expose the panel more widely, so upgrade regardless of how the toolbar is gated.
Is CVE-2021-30459 being exploited?
Low: EPSS is 0.17%, the estimated probability of exploitation activity in the next 30 days, meaning exploitation has not been observed at scale.
Affected packages
- django-debug-toolbar (PyPI): >= 0.10.0, < 1.11.1; >= 2.0, < 2.2.1; >= 3.0, < 3.2.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U |
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |