VYPR
Critical severityNVD Advisory· Published Jul 2, 2021· Updated Aug 4, 2024

CVE-2021-35042

CVE-2021-35042

Description

Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
DjangoPyPI
>= 3.2a1, < 3.2.53.2.5
DjangoPyPI
>= 3.0a1, < 3.1.133.1.13

Affected products

6

Patches

Vulnerability mechanics

References

17

News mentions

0

No linked articles in our index yet.