CVE-2021-35042
Summary
| CVE | CVE-2021-35042 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2021-07-02 10:15:00 UTC |
|---|
| Updated | 2023-11-07 03:36:00 UTC |
|---|
| Description | Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| [SECURITY] Fedora 34 Update: python-django-3.1.13-1.fc34 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| Redirecting to Google Groups |
|
groups.google.com |
|
| [SECURITY] Fedora 34 Update: python-django-3.1.13-1.fc34 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| Redirecting to Google Groups |
MISC |
groups.google.com |
|
| Archive of security issues | Django documentation | Django |
MISC |
docs.djangoproject.com |
|
| oss-security - Django: CVE-2021-35042: Potential SQL injection via unsanitized
QuerySet.order_by() input |
CONFIRM |
www.openwall.com |
|
| Django security releases issued: 3.2.5 and 3.1.13 | Weblog | Django |
CONFIRM |
www.djangoproject.com |
|
| CVE-2021-35042 Django Vulnerability in NetApp Products | NetApp Product Security |
CONFIRM |
security.netapp.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 281824 Fedora Security Update for python (FEDORA-2021-78e501d62a)
- 296060 Oracle Solaris 11.4 Support Repository Update (SRU) 37.0.1.101.1 Missing (CPUJUL2021)
- 375743 Django Framework SQL Injection Vulnerability
- 501675 Alpine Linux Security Update for py3-django
- 505299 Alpine Linux Security Update for py3-django
- 980629 Python (pip) Security Update for Django (GHSA-xpfp-f569-q3p2)
