CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

CVSS3: 9.8 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

EPSS: 0.002 Low (Percentile 56.5%)
With Django Debug Toolbar, attackers are able to execute SQL by changing the raw_sql
input of the SQL explain, analyze or select forms and submitting the form.
NOTE: This is a high severity issue for anyone using the toolbar in a production environment.
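The tampering the advisory describes, and the integrity check that stops it, as an added example; this is not django-debug-toolbar's own code, and the signing key, the field names and the stand-in query runner are assumptions:

```python
import hashlib
import hmac

# Constructed key for this example only; a real application would derive the
# signing key from its own secret (for example Django's SECRET_KEY setting).
SIGNING_KEY = b"constructed-example-key"


def sign_sql(raw_sql: str, key: bytes = SIGNING_KEY) -> str:
    """HMAC-SHA256 over the exact SQL text the server put into the form."""
    return hmac.new(key, raw_sql.encode("utf-8"), hashlib.sha256).hexdigest()


def render_form_fields(raw_sql: str, key: bytes = SIGNING_KEY) -> dict:
    """What a debug panel would emit for its explain/analyze/select form:
    the query plus a signature binding that query to this server."""
    return {"raw_sql": raw_sql, "signature": sign_sql(raw_sql, key)}


def submission_is_authentic(form: dict, key: bytes = SIGNING_KEY) -> bool:
    """True only if raw_sql is byte-for-byte what the server rendered."""
    expected = sign_sql(form.get("raw_sql", ""), key)
    # Constant-time comparison so the check itself leaks nothing about the MAC.
    return hmac.compare_digest(expected, form.get("signature", ""))


def run_query_unchecked(form: dict) -> str:
    """The behaviour the advisory describes: whatever arrives in raw_sql is
    handed to the database. Stand-in: returns the SQL it would execute."""
    return form["raw_sql"]


def run_query_verified(form: dict, key: bytes = SIGNING_KEY):
    """Hardened handler: returns None (nothing executed) unless the signature
    matches, so an edited raw_sql field never reaches the database."""
    if not submission_is_authentic(form, key):
        return None
    return form["raw_sql"]


if __name__ == "__main__":
    fields = render_form_fields("SELECT id, username FROM auth_user LIMIT 5")
    # Constructed submission in which the hidden raw_sql field was edited.
    edited = dict(fields, raw_sql="SELECT * FROM auth_user")
    print(run_query_unchecked(edited))  # the edited query would run
    print(run_query_verified(edited))   # None: rejected
```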
Generally the Django Debug Toolbar team only maintains the latest version of django-debug-toolbar, but an exception was made because of the high severity of this issue.
Please upgrade to one of the following versions, depending on the major version you’re using:
If you have any questions or comments about this advisory:
CPE | Name | Operator | Version |
---|---|---|---|
| | django-debug-toolbar | lt | 2.2.1 |
| | django-debug-toolbar | ge | 0.10.0 |
| | django-debug-toolbar | lt | 1.11.1 |
| | django-debug-toolbar | lt | 3.2.1 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30459
github.com/advisories/GHSA-pghf-347x-c2gj
github.com/jazzband/django-debug-toolbar/releases
github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj
nvd.nist.gov/vuln/detail/CVE-2021-30459
www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/