CVE-2021-30459
CRITICALJazzband Django Debug Toolbar <3.2.1 - SQL Injection
Title source: llmDescription
A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
https://github.com/jazzband/django-debug-toolbar/releases
Patch, Third Party Advisory x_refsource_confirm
https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj
Vendor Advisory x_refsource_confirm
https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/
Scores
CVSS v3
9.8
EPSS
0.0192
EPSS Percentile
77.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (2)
jazzband/django_debug_toolbar
0.10.0 - 1.11.1
pypi/django-debug-toolbar
0.10.0 - 1.11.1PyPI
Published
Apr 14, 2021
Tracked Since
Feb 18, 2026