CVE-2021-30459

CRITICAL

Jazzband Django Debug Toolbar <3.2.1 - SQL Injection

Title source: llm
STIX 2.1

Description

A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.

References (3)

Core 3

Scores

CVSS v3 9.8
EPSS 0.0192
EPSS Percentile 77.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (2)
jazzband/django_debug_toolbar 0.10.0 - 1.11.1
pypi/django-debug-toolbar 0.10.0 - 1.11.1PyPI
Published Apr 14, 2021
Tracked Since Feb 18, 2026