Django 3.1.x prior to 3.1.13 and 3.2.x prior to 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
djangoproject django |
||
fedoraproject fedora 34 |