Launchpad CVE tracker

CVE 2021-35042

Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.

Related bugs and status

CVE-2021-35042 (Candidate) is related to these bugs:

Bug #1946890: Merge python-django from Debian unstable for 22.04

Summary				In	Importance	Status
	1946890	Merge python-django from Debian unstable for 22.04		python-django (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://www.djangoproj...
CONFIRM: https://www.openwall.c...
MISC: https://docs.djangopro...
MISC: https://groups.google....
CONFIRM: https://security.netap...
FEDORA: FEDORA-2021-78e501d62a

Launchpad.net

CVE 2021-35042

Related bugs and status

Related bugs

References