Search criteria
3 vulnerabilities found for django_debug_toolbar by jazzband
FKIE_CVE-2021-30459
Vulnerability from fkie_nvd - Published: 2021-04-14 18:15 - Updated: 2024-11-21 06:03
Severity ?
Summary
A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jazzband | django_debug_toolbar | * | |
| jazzband | django_debug_toolbar | * | |
| jazzband | django_debug_toolbar | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jazzband:django_debug_toolbar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9155971C-2E44-4DBF-8AAA-B08687454051",
"versionEndExcluding": "1.11.1",
"versionStartIncluding": "0.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jazzband:django_debug_toolbar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C582D6A7-0A92-4C7F-9392-FBBA302AAADC",
"versionEndExcluding": "2.2.1",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jazzband:django_debug_toolbar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F28FC87E-8A6E-44E0-8E93-9A498B18F2E0",
"versionEndExcluding": "3.2.1",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form."
},
{
"lang": "es",
"value": "Un problema de inyecci\u00f3n SQL en el panel SQL en Jazzband Django Debug Toolbar versiones anteriores a 1.11.1, versiones 2.x anteriores a 2.2.1 y versiones 3.x anteriores a 3.2.1, permite a atacantes ejecutar sentencias SQL al cambiar el campo de entrada raw_sql del formulario de explicaci\u00f3n, an\u00e1lisis o selecci\u00f3n de SQL"
}
],
"id": "CVE-2021-30459",
"lastModified": "2024-11-21T06:03:57.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-14T18:15:14.877",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/jazzband/django-debug-toolbar/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/jazzband/django-debug-toolbar/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-30459 (GCVE-0-2021-30459)
Vulnerability from cvelistv5 – Published: 2021-04-14 17:27 – Updated: 2024-08-03 22:32
VLAI?
Summary
A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:41.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jazzband/django-debug-toolbar/releases"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-14T17:27:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jazzband/django-debug-toolbar/releases"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-30459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jazzband/django-debug-toolbar/releases",
"refsource": "MISC",
"url": "https://github.com/jazzband/django-debug-toolbar/releases"
},
{
"name": "https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj",
"refsource": "CONFIRM",
"url": "https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj"
},
{
"name": "https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/",
"refsource": "CONFIRM",
"url": "https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-30459",
"datePublished": "2021-04-14T17:27:00",
"dateReserved": "2021-04-08T00:00:00",
"dateUpdated": "2024-08-03T22:32:41.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30459 (GCVE-0-2021-30459)
Vulnerability from nvd – Published: 2021-04-14 17:27 – Updated: 2024-08-03 22:32
VLAI?
Summary
A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:41.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jazzband/django-debug-toolbar/releases"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-14T17:27:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jazzband/django-debug-toolbar/releases"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-30459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jazzband/django-debug-toolbar/releases",
"refsource": "MISC",
"url": "https://github.com/jazzband/django-debug-toolbar/releases"
},
{
"name": "https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj",
"refsource": "CONFIRM",
"url": "https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj"
},
{
"name": "https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/",
"refsource": "CONFIRM",
"url": "https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-30459",
"datePublished": "2021-04-14T17:27:00",
"dateReserved": "2021-04-08T00:00:00",
"dateUpdated": "2024-08-03T22:32:41.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}