Wind River Support Network

Fixed

LIN1021-729 : Security Advisory - python-django - CVE-2021-35042

Created: Jul 1, 2021
Updated: Sep 25, 2021
Resolved Date: Sep 2, 2021
Found In Version: 10.21.20.1
Fix Version: 10.21.20.5
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.

https://nvd.nist.gov/vuln/detail/CVE-2021-35042
