Django Debug Toolbar security releases issued: 3.2.1, 2.2.1 and 1.11.1. | Weblog

Django Debug Toolbar security releases issued: 3.2.1, 2.2.1 and 1.11.1

In accordance with the security release policies that Django and Jazzband are following, the Jazzband project team for the Django Debug Toolbar project is issuing Django Debug Toolbar 3.2.1, Django Debug Toolbar 2.2.1 and Django Debug Toolbar 1.11.1. These releases address the security issue with severity “high” detailed below. We encourage all users of Django Debug Toolbar to upgrade as soon as possible.

CVE-2021-30459 - SQL Injection via Select, Explain and Analyze forms of the SQLPanel for Django Debug Toolbar >= 0.10.0

With Django Debug Toolbar 0.10.0 and above, attackers are able to execute SQL by changing the raw_sql input of the SQL explain, analyze or select forms and submitting the form.

This is a high severity issue for anyone using the toolbar in a production environment.

Generally the Django Debug Toolbar team only maintains the latest version of django-debug-toolbar, but an exception was made because of the high severity of this issue.

The GitHub Security Advisory can be found here:

https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj

Affected supported versions

Django Debug Toolbar main branch
Django Debug Toolbar 3.2
Django Debug Toolbar 2.2
Django Debug Toolbar 1.11

#django #weblog #django debug toolbar security releases issued: 3.2.1, 2.2.1 and 1.11.1. | weblog | django #debug-toolbar-security-releases #published

Django Debug Toolbar security releases issued: 3.2.1, 2.2.1 and 1.11.1

CVE-2021-30459 - SQL Injection via Select, Explain and Analyze forms of the SQLPanel for Django Debug Toolbar >= 0.10.0

Affected supported versions

djangoproject.com

Django Debug Toolbar security releases issued: 3.2.1, 2.2.1 and 1.11.1. | Weblog | Django