Vulnerability-Lookup

CVE-2021-30459 (GCVE-0-2021-30459)

Vulnerability from cvelistv5 – Published: 2021-04-14 17:27 – Updated: 2024-08-03 22:32

Summary

A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

FKIE_CVE-2021-30459

Vulnerability from fkie_nvd - Published: 2021-04-14 18:15 - Updated: 2024-11-21 06:03

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	https://github.com/jazzband/django-debug-toolbar/releases	Third Party Advisory
cve@mitre.org	https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj	Patch, Third Party Advisory
cve@mitre.org	https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/jazzband/django-debug-toolbar/releases	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/	Vendor Advisory

Impacted products

Vendor	Product	Version
jazzband	django_debug_toolbar	*
jazzband	django_debug_toolbar	*
jazzband	django_debug_toolbar	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jazzband:django_debug_toolbar:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9155971C-2E44-4DBF-8AAA-B08687454051",
              "versionEndExcluding": "1.11.1",
              "versionStartIncluding": "0.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jazzband:django_debug_toolbar:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C582D6A7-0A92-4C7F-9392-FBBA302AAADC",
              "versionEndExcluding": "2.2.1",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jazzband:django_debug_toolbar:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28FC87E-8A6E-44E0-8E93-9A498B18F2E0",
              "versionEndExcluding": "3.2.1",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form."
    },
    {
      "lang": "es",
      "value": "Un problema de inyecci\u00f3n SQL en el panel SQL en Jazzband Django Debug Toolbar versiones anteriores a 1.11.1, versiones 2.x anteriores a 2.2.1 y versiones 3.x anteriores a 3.2.1, permite a atacantes ejecutar sentencias SQL al cambiar el campo de entrada raw_sql del formulario de explicaci\u00f3n, an\u00e1lisis o selecci\u00f3n de SQL"
    }
  ],
  "id": "CVE-2021-30459",
  "lastModified": "2024-11-21T06:03:57.840",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-14T18:15:14.877",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/jazzband/django-debug-toolbar/releases"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/jazzband/django-debug-toolbar/releases"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2021-30459

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-30459

Aliases

CVE-2021-30459

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-30459",
    "description": "A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.",
    "id": "GSD-2021-30459",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-30459.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-30459"
      ],
      "details": "A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.",
      "id": "GSD-2021-30459",
      "modified": "2023-12-13T01:23:32.002784Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2021-30459",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/jazzband/django-debug-toolbar/releases",
            "refsource": "MISC",
            "url": "https://github.com/jazzband/django-debug-toolbar/releases"
          },
          {
            "name": "https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj",
            "refsource": "CONFIRM",
            "url": "https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj"
          },
          {
            "name": "https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/",
            "refsource": "CONFIRM",
            "url": "https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=0.10.0,\u003c1.11.1||\u003e=2.0.0,\u003c2.2.1||\u003e=3.0.0,\u003c3.2.1",
          "affected_versions": "All versions starting from 0.10.0 before 1.11.1, all versions starting from 2.0.0 before 2.2.1, all versions starting from 3.0.0 before 3.2.1",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-89",
            "CWE-937"
          ],
          "date": "2021-04-21",
          "description": "A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.",
          "fixed_versions": [
            "1.11.1",
            "2.2.1",
            "3.2.1"
          ],
          "identifier": "CVE-2021-30459",
          "identifiers": [
            "CVE-2021-30459",
            "GHSA-pghf-347x-c2gj"
          ],
          "not_impacted": "All versions before 0.10.0, all versions starting from 1.11.1 before 2.0.0, all versions starting from 2.2.1 before 3.0.0, all versions starting from 3.2.1",
          "package_slug": "pypi/django-debug-toolbar",
          "pubdate": "2021-04-14",
          "solution": "Upgrade to versions 1.11.1, 2.2.1, 3.2.1 or above.",
          "title": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
          "urls": [
            "https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30459",
            "https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-30459",
            "https://github.com/jazzband/django-debug-toolbar/releases",
            "https://github.com/advisories/GHSA-pghf-347x-c2gj"
          ],
          "uuid": "ca02b6ac-b7f2-468b-9c4b-6df6396c0351"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:jazzband:django_debug_toolbar:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.11.1",
                "versionStartIncluding": "0.10.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jazzband:django_debug_toolbar:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.2.1",
                "versionStartIncluding": "2.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jazzband:django_debug_toolbar:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.2.1",
                "versionStartIncluding": "3.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-30459"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj"
            },
            {
              "name": "https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/"
            },
            {
              "name": "https://github.com/jazzband/django-debug-toolbar/releases",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/jazzband/django-debug-toolbar/releases"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-04-21T15:05Z",
      "publishedDate": "2021-04-14T18:15Z"
    }
  }
}

GHSA-PGHF-347X-C2GJ

Vulnerability from github – Published: 2021-04-16 19:53 – Updated: 2024-09-13 20:10

Summary

SQL Injection via in django-debug-toolbar

Details

Impact

With Django Debug Toolbar attackers are able to execute SQL by changing the raw_sql input of the SQL explain, analyze or select forms and submitting the form.

NOTE: This is a high severity issue for anyone using the toolbar in a production environment.

Generally the Django Debug Toolbar team only maintains the latest version of django-debug-toolbar, but an exception was made because of the high severity of this issue.

Patches

Please upgrade to one of the following versions, depending on the major version you're using:

Version 1.x: django-debug-toolbar 1.11.1
Version 2.x: django-debug-toolbar 2.2.1
Version 3.x: django-debug-toolbar 3.2.1

For more information

If you have any questions or comments about this advisory: * Open an issue in the django-debug-toolbar repo (Please NO SENSITIVE INFORMATION, send an email instead!) * Email us at security@jazzband.co

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "django-debug-toolbar"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.10.0"
            },
            {
              "fixed": "1.11.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "django-debug-toolbar"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0a1"
            },
            {
              "fixed": "2.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "django-debug-toolbar"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0a1"
            },
            {
              "fixed": "3.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-30459"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-14T22:22:37Z",
    "nvd_published_at": "2021-04-14T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nWith Django Debug Toolbar attackers are able to execute SQL by changing the `raw_sql` input of the SQL explain, analyze or select forms and submitting the form.\n\n**NOTE:** This is a high severity issue for anyone using the toolbar in a **production environment**.\n\nGenerally the Django Debug Toolbar team only maintains the latest version of django-debug-toolbar, but an exception was made because of the high severity of this issue.\n\n### Patches\nPlease upgrade to one of the following versions, depending on the major version you\u0027re using:\n\n- Version 1.x: [django-debug-toolbar 1.11.1](https://pypi.org/project/django-debug-toolbar/1.11.1/)\n- Version 2.x: [django-debug-toolbar 2.2.1](https://pypi.org/project/django-debug-toolbar/2.2.1/)\n- Version 3.x: [django-debug-toolbar 3.2.1](https://pypi.org/project/django-debug-toolbar/3.2.1/)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in the [django-debug-toolbar repo](https://github.com/jazzband/django-debug-toolbar/issues/new)  (Please NO SENSITIVE INFORMATION, send an email instead!)\n* Email us at [security@jazzband.co](mailto:security@jazzband.co)",
  "id": "GHSA-pghf-347x-c2gj",
  "modified": "2024-09-13T20:10:20Z",
  "published": "2021-04-16T19:53:28Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30459"
    },
    {
      "type": "WEB",
      "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30459"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jazzband/django-debug-toolbar"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jazzband/django-debug-toolbar/releases"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-debug-toolbar/PYSEC-2021-10.yaml"
    },
    {
      "type": "WEB",
      "url": "https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "SQL Injection via in django-debug-toolbar"
}

OPENSUSE-SU-2024:14137-1

Vulnerability from csaf_opensuse - Published: 2024-07-12 00:00 - Updated: 2024-07-12 00:00

Summary

python310-django-debug-toolbar-4.3-1.2 on GA media

Notes

Title of the patch

python310-django-debug-toolbar-4.3-1.2 on GA media

Description of the patch

These are all security issues fixed in the python310-django-debug-toolbar-4.3-1.2 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-14137

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "python310-django-debug-toolbar-4.3-1.2 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the python310-django-debug-toolbar-4.3-1.2 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-14137",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14137-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-30459 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-30459/"
      }
    ],
    "title": "python310-django-debug-toolbar-4.3-1.2 on GA media",
    "tracking": {
      "current_release_date": "2024-07-12T00:00:00Z",
      "generator": {
        "date": "2024-07-12T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:14137-1",
      "initial_release_date": "2024-07-12T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-07-12T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python310-django-debug-toolbar-4.3-1.2.aarch64",
                "product": {
                  "name": "python310-django-debug-toolbar-4.3-1.2.aarch64",
                  "product_id": "python310-django-debug-toolbar-4.3-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python311-django-debug-toolbar-4.3-1.2.aarch64",
                "product": {
                  "name": "python311-django-debug-toolbar-4.3-1.2.aarch64",
                  "product_id": "python311-django-debug-toolbar-4.3-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python312-django-debug-toolbar-4.3-1.2.aarch64",
                "product": {
                  "name": "python312-django-debug-toolbar-4.3-1.2.aarch64",
                  "product_id": "python312-django-debug-toolbar-4.3-1.2.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python310-django-debug-toolbar-4.3-1.2.ppc64le",
                "product": {
                  "name": "python310-django-debug-toolbar-4.3-1.2.ppc64le",
                  "product_id": "python310-django-debug-toolbar-4.3-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python311-django-debug-toolbar-4.3-1.2.ppc64le",
                "product": {
                  "name": "python311-django-debug-toolbar-4.3-1.2.ppc64le",
                  "product_id": "python311-django-debug-toolbar-4.3-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python312-django-debug-toolbar-4.3-1.2.ppc64le",
                "product": {
                  "name": "python312-django-debug-toolbar-4.3-1.2.ppc64le",
                  "product_id": "python312-django-debug-toolbar-4.3-1.2.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python310-django-debug-toolbar-4.3-1.2.s390x",
                "product": {
                  "name": "python310-django-debug-toolbar-4.3-1.2.s390x",
                  "product_id": "python310-django-debug-toolbar-4.3-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python311-django-debug-toolbar-4.3-1.2.s390x",
                "product": {
                  "name": "python311-django-debug-toolbar-4.3-1.2.s390x",
                  "product_id": "python311-django-debug-toolbar-4.3-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python312-django-debug-toolbar-4.3-1.2.s390x",
                "product": {
                  "name": "python312-django-debug-toolbar-4.3-1.2.s390x",
                  "product_id": "python312-django-debug-toolbar-4.3-1.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python310-django-debug-toolbar-4.3-1.2.x86_64",
                "product": {
                  "name": "python310-django-debug-toolbar-4.3-1.2.x86_64",
                  "product_id": "python310-django-debug-toolbar-4.3-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python311-django-debug-toolbar-4.3-1.2.x86_64",
                "product": {
                  "name": "python311-django-debug-toolbar-4.3-1.2.x86_64",
                  "product_id": "python311-django-debug-toolbar-4.3-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python312-django-debug-toolbar-4.3-1.2.x86_64",
                "product": {
                  "name": "python312-django-debug-toolbar-4.3-1.2.x86_64",
                  "product_id": "python312-django-debug-toolbar-4.3-1.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python310-django-debug-toolbar-4.3-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python310-django-debug-toolbar-4.3-1.2.aarch64"
        },
        "product_reference": "python310-django-debug-toolbar-4.3-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python310-django-debug-toolbar-4.3-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python310-django-debug-toolbar-4.3-1.2.ppc64le"
        },
        "product_reference": "python310-django-debug-toolbar-4.3-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python310-django-debug-toolbar-4.3-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python310-django-debug-toolbar-4.3-1.2.s390x"
        },
        "product_reference": "python310-django-debug-toolbar-4.3-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python310-django-debug-toolbar-4.3-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python310-django-debug-toolbar-4.3-1.2.x86_64"
        },
        "product_reference": "python310-django-debug-toolbar-4.3-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-django-debug-toolbar-4.3-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-django-debug-toolbar-4.3-1.2.aarch64"
        },
        "product_reference": "python311-django-debug-toolbar-4.3-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-django-debug-toolbar-4.3-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-django-debug-toolbar-4.3-1.2.ppc64le"
        },
        "product_reference": "python311-django-debug-toolbar-4.3-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-django-debug-toolbar-4.3-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-django-debug-toolbar-4.3-1.2.s390x"
        },
        "product_reference": "python311-django-debug-toolbar-4.3-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-django-debug-toolbar-4.3-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-django-debug-toolbar-4.3-1.2.x86_64"
        },
        "product_reference": "python311-django-debug-toolbar-4.3-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python312-django-debug-toolbar-4.3-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python312-django-debug-toolbar-4.3-1.2.aarch64"
        },
        "product_reference": "python312-django-debug-toolbar-4.3-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python312-django-debug-toolbar-4.3-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python312-django-debug-toolbar-4.3-1.2.ppc64le"
        },
        "product_reference": "python312-django-debug-toolbar-4.3-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python312-django-debug-toolbar-4.3-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python312-django-debug-toolbar-4.3-1.2.s390x"
        },
        "product_reference": "python312-django-debug-toolbar-4.3-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python312-django-debug-toolbar-4.3-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python312-django-debug-toolbar-4.3-1.2.x86_64"
        },
        "product_reference": "python312-django-debug-toolbar-4.3-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-30459",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-30459"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:python310-django-debug-toolbar-4.3-1.2.aarch64",
          "openSUSE Tumbleweed:python310-django-debug-toolbar-4.3-1.2.ppc64le",
          "openSUSE Tumbleweed:python310-django-debug-toolbar-4.3-1.2.s390x",
          "openSUSE Tumbleweed:python310-django-debug-toolbar-4.3-1.2.x86_64",
          "openSUSE Tumbleweed:python311-django-debug-toolbar-4.3-1.2.aarch64",
          "openSUSE Tumbleweed:python311-django-debug-toolbar-4.3-1.2.ppc64le",
          "openSUSE Tumbleweed:python311-django-debug-toolbar-4.3-1.2.s390x",
          "openSUSE Tumbleweed:python311-django-debug-toolbar-4.3-1.2.x86_64",
          "openSUSE Tumbleweed:python312-django-debug-toolbar-4.3-1.2.aarch64",
          "openSUSE Tumbleweed:python312-django-debug-toolbar-4.3-1.2.ppc64le",
          "openSUSE Tumbleweed:python312-django-debug-toolbar-4.3-1.2.s390x",
          "openSUSE Tumbleweed:python312-django-debug-toolbar-4.3-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-30459",
          "url": "https://www.suse.com/security/cve/CVE-2021-30459"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:python310-django-debug-toolbar-4.3-1.2.aarch64",
            "openSUSE Tumbleweed:python310-django-debug-toolbar-4.3-1.2.ppc64le",
            "openSUSE Tumbleweed:python310-django-debug-toolbar-4.3-1.2.s390x",
            "openSUSE Tumbleweed:python310-django-debug-toolbar-4.3-1.2.x86_64",
            "openSUSE Tumbleweed:python311-django-debug-toolbar-4.3-1.2.aarch64",
            "openSUSE Tumbleweed:python311-django-debug-toolbar-4.3-1.2.ppc64le",
            "openSUSE Tumbleweed:python311-django-debug-toolbar-4.3-1.2.s390x",
            "openSUSE Tumbleweed:python311-django-debug-toolbar-4.3-1.2.x86_64",
            "openSUSE Tumbleweed:python312-django-debug-toolbar-4.3-1.2.aarch64",
            "openSUSE Tumbleweed:python312-django-debug-toolbar-4.3-1.2.ppc64le",
            "openSUSE Tumbleweed:python312-django-debug-toolbar-4.3-1.2.s390x",
            "openSUSE Tumbleweed:python312-django-debug-toolbar-4.3-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:python310-django-debug-toolbar-4.3-1.2.aarch64",
            "openSUSE Tumbleweed:python310-django-debug-toolbar-4.3-1.2.ppc64le",
            "openSUSE Tumbleweed:python310-django-debug-toolbar-4.3-1.2.s390x",
            "openSUSE Tumbleweed:python310-django-debug-toolbar-4.3-1.2.x86_64",
            "openSUSE Tumbleweed:python311-django-debug-toolbar-4.3-1.2.aarch64",
            "openSUSE Tumbleweed:python311-django-debug-toolbar-4.3-1.2.ppc64le",
            "openSUSE Tumbleweed:python311-django-debug-toolbar-4.3-1.2.s390x",
            "openSUSE Tumbleweed:python311-django-debug-toolbar-4.3-1.2.x86_64",
            "openSUSE Tumbleweed:python312-django-debug-toolbar-4.3-1.2.aarch64",
            "openSUSE Tumbleweed:python312-django-debug-toolbar-4.3-1.2.ppc64le",
            "openSUSE Tumbleweed:python312-django-debug-toolbar-4.3-1.2.s390x",
            "openSUSE Tumbleweed:python312-django-debug-toolbar-4.3-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-07-12T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-30459"
    }
  ]
}

OPENSUSE-SU-2024:11225-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

python36-django-debug-toolbar-3.2.1-1.2 on GA media

Notes

Title of the patch

python36-django-debug-toolbar-3.2.1-1.2 on GA media

Description of the patch

These are all security issues fixed in the python36-django-debug-toolbar-3.2.1-1.2 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-11225

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "python36-django-debug-toolbar-3.2.1-1.2 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the python36-django-debug-toolbar-3.2.1-1.2 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-11225",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11225-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-30459 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-30459/"
      }
    ],
    "title": "python36-django-debug-toolbar-3.2.1-1.2 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:11225-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python36-django-debug-toolbar-3.2.1-1.2.aarch64",
                "product": {
                  "name": "python36-django-debug-toolbar-3.2.1-1.2.aarch64",
                  "product_id": "python36-django-debug-toolbar-3.2.1-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python38-django-debug-toolbar-3.2.1-1.2.aarch64",
                "product": {
                  "name": "python38-django-debug-toolbar-3.2.1-1.2.aarch64",
                  "product_id": "python38-django-debug-toolbar-3.2.1-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python39-django-debug-toolbar-3.2.1-1.2.aarch64",
                "product": {
                  "name": "python39-django-debug-toolbar-3.2.1-1.2.aarch64",
                  "product_id": "python39-django-debug-toolbar-3.2.1-1.2.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python36-django-debug-toolbar-3.2.1-1.2.ppc64le",
                "product": {
                  "name": "python36-django-debug-toolbar-3.2.1-1.2.ppc64le",
                  "product_id": "python36-django-debug-toolbar-3.2.1-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python38-django-debug-toolbar-3.2.1-1.2.ppc64le",
                "product": {
                  "name": "python38-django-debug-toolbar-3.2.1-1.2.ppc64le",
                  "product_id": "python38-django-debug-toolbar-3.2.1-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python39-django-debug-toolbar-3.2.1-1.2.ppc64le",
                "product": {
                  "name": "python39-django-debug-toolbar-3.2.1-1.2.ppc64le",
                  "product_id": "python39-django-debug-toolbar-3.2.1-1.2.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python36-django-debug-toolbar-3.2.1-1.2.s390x",
                "product": {
                  "name": "python36-django-debug-toolbar-3.2.1-1.2.s390x",
                  "product_id": "python36-django-debug-toolbar-3.2.1-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python38-django-debug-toolbar-3.2.1-1.2.s390x",
                "product": {
                  "name": "python38-django-debug-toolbar-3.2.1-1.2.s390x",
                  "product_id": "python38-django-debug-toolbar-3.2.1-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python39-django-debug-toolbar-3.2.1-1.2.s390x",
                "product": {
                  "name": "python39-django-debug-toolbar-3.2.1-1.2.s390x",
                  "product_id": "python39-django-debug-toolbar-3.2.1-1.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python36-django-debug-toolbar-3.2.1-1.2.x86_64",
                "product": {
                  "name": "python36-django-debug-toolbar-3.2.1-1.2.x86_64",
                  "product_id": "python36-django-debug-toolbar-3.2.1-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python38-django-debug-toolbar-3.2.1-1.2.x86_64",
                "product": {
                  "name": "python38-django-debug-toolbar-3.2.1-1.2.x86_64",
                  "product_id": "python38-django-debug-toolbar-3.2.1-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python39-django-debug-toolbar-3.2.1-1.2.x86_64",
                "product": {
                  "name": "python39-django-debug-toolbar-3.2.1-1.2.x86_64",
                  "product_id": "python39-django-debug-toolbar-3.2.1-1.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python36-django-debug-toolbar-3.2.1-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python36-django-debug-toolbar-3.2.1-1.2.aarch64"
        },
        "product_reference": "python36-django-debug-toolbar-3.2.1-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python36-django-debug-toolbar-3.2.1-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python36-django-debug-toolbar-3.2.1-1.2.ppc64le"
        },
        "product_reference": "python36-django-debug-toolbar-3.2.1-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python36-django-debug-toolbar-3.2.1-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python36-django-debug-toolbar-3.2.1-1.2.s390x"
        },
        "product_reference": "python36-django-debug-toolbar-3.2.1-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python36-django-debug-toolbar-3.2.1-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python36-django-debug-toolbar-3.2.1-1.2.x86_64"
        },
        "product_reference": "python36-django-debug-toolbar-3.2.1-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python38-django-debug-toolbar-3.2.1-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python38-django-debug-toolbar-3.2.1-1.2.aarch64"
        },
        "product_reference": "python38-django-debug-toolbar-3.2.1-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python38-django-debug-toolbar-3.2.1-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python38-django-debug-toolbar-3.2.1-1.2.ppc64le"
        },
        "product_reference": "python38-django-debug-toolbar-3.2.1-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python38-django-debug-toolbar-3.2.1-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python38-django-debug-toolbar-3.2.1-1.2.s390x"
        },
        "product_reference": "python38-django-debug-toolbar-3.2.1-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python38-django-debug-toolbar-3.2.1-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python38-django-debug-toolbar-3.2.1-1.2.x86_64"
        },
        "product_reference": "python38-django-debug-toolbar-3.2.1-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-django-debug-toolbar-3.2.1-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-django-debug-toolbar-3.2.1-1.2.aarch64"
        },
        "product_reference": "python39-django-debug-toolbar-3.2.1-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-django-debug-toolbar-3.2.1-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-django-debug-toolbar-3.2.1-1.2.ppc64le"
        },
        "product_reference": "python39-django-debug-toolbar-3.2.1-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-django-debug-toolbar-3.2.1-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-django-debug-toolbar-3.2.1-1.2.s390x"
        },
        "product_reference": "python39-django-debug-toolbar-3.2.1-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python39-django-debug-toolbar-3.2.1-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python39-django-debug-toolbar-3.2.1-1.2.x86_64"
        },
        "product_reference": "python39-django-debug-toolbar-3.2.1-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-30459",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-30459"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:python36-django-debug-toolbar-3.2.1-1.2.aarch64",
          "openSUSE Tumbleweed:python36-django-debug-toolbar-3.2.1-1.2.ppc64le",
          "openSUSE Tumbleweed:python36-django-debug-toolbar-3.2.1-1.2.s390x",
          "openSUSE Tumbleweed:python36-django-debug-toolbar-3.2.1-1.2.x86_64",
          "openSUSE Tumbleweed:python38-django-debug-toolbar-3.2.1-1.2.aarch64",
          "openSUSE Tumbleweed:python38-django-debug-toolbar-3.2.1-1.2.ppc64le",
          "openSUSE Tumbleweed:python38-django-debug-toolbar-3.2.1-1.2.s390x",
          "openSUSE Tumbleweed:python38-django-debug-toolbar-3.2.1-1.2.x86_64",
          "openSUSE Tumbleweed:python39-django-debug-toolbar-3.2.1-1.2.aarch64",
          "openSUSE Tumbleweed:python39-django-debug-toolbar-3.2.1-1.2.ppc64le",
          "openSUSE Tumbleweed:python39-django-debug-toolbar-3.2.1-1.2.s390x",
          "openSUSE Tumbleweed:python39-django-debug-toolbar-3.2.1-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-30459",
          "url": "https://www.suse.com/security/cve/CVE-2021-30459"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:python36-django-debug-toolbar-3.2.1-1.2.aarch64",
            "openSUSE Tumbleweed:python36-django-debug-toolbar-3.2.1-1.2.ppc64le",
            "openSUSE Tumbleweed:python36-django-debug-toolbar-3.2.1-1.2.s390x",
            "openSUSE Tumbleweed:python36-django-debug-toolbar-3.2.1-1.2.x86_64",
            "openSUSE Tumbleweed:python38-django-debug-toolbar-3.2.1-1.2.aarch64",
            "openSUSE Tumbleweed:python38-django-debug-toolbar-3.2.1-1.2.ppc64le",
            "openSUSE Tumbleweed:python38-django-debug-toolbar-3.2.1-1.2.s390x",
            "openSUSE Tumbleweed:python38-django-debug-toolbar-3.2.1-1.2.x86_64",
            "openSUSE Tumbleweed:python39-django-debug-toolbar-3.2.1-1.2.aarch64",
            "openSUSE Tumbleweed:python39-django-debug-toolbar-3.2.1-1.2.ppc64le",
            "openSUSE Tumbleweed:python39-django-debug-toolbar-3.2.1-1.2.s390x",
            "openSUSE Tumbleweed:python39-django-debug-toolbar-3.2.1-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:python36-django-debug-toolbar-3.2.1-1.2.aarch64",
            "openSUSE Tumbleweed:python36-django-debug-toolbar-3.2.1-1.2.ppc64le",
            "openSUSE Tumbleweed:python36-django-debug-toolbar-3.2.1-1.2.s390x",
            "openSUSE Tumbleweed:python36-django-debug-toolbar-3.2.1-1.2.x86_64",
            "openSUSE Tumbleweed:python38-django-debug-toolbar-3.2.1-1.2.aarch64",
            "openSUSE Tumbleweed:python38-django-debug-toolbar-3.2.1-1.2.ppc64le",
            "openSUSE Tumbleweed:python38-django-debug-toolbar-3.2.1-1.2.s390x",
            "openSUSE Tumbleweed:python38-django-debug-toolbar-3.2.1-1.2.x86_64",
            "openSUSE Tumbleweed:python39-django-debug-toolbar-3.2.1-1.2.aarch64",
            "openSUSE Tumbleweed:python39-django-debug-toolbar-3.2.1-1.2.ppc64le",
            "openSUSE Tumbleweed:python39-django-debug-toolbar-3.2.1-1.2.s390x",
            "openSUSE Tumbleweed:python39-django-debug-toolbar-3.2.1-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-30459"
    }
  ]
}

PYSEC-2021-10

Vulnerability from pysec - Published: 2021-04-14 18:15 - Updated: 2021-04-21 15:05

Details

Impacted products

Name	purl
django-debug-toolbar	pkg:pypi/django-debug-toolbar

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "django-debug-toolbar",
        "purl": "pkg:pypi/django-debug-toolbar"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.10.0"
            },
            {
              "fixed": "1.11.1"
            },
            {
              "introduced": "2.0"
            },
            {
              "fixed": "2.2.1"
            },
            {
              "introduced": "3.0"
            },
            {
              "fixed": "3.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.10.0",
        "0.10.1",
        "0.10.2",
        "0.11",
        "0.11.0",
        "1.0",
        "1.0.1",
        "1.1",
        "1.2",
        "1.2.1",
        "1.2.2",
        "1.3.0",
        "1.3.1",
        "1.3.2",
        "1.4",
        "1.5",
        "1.6",
        "1.7",
        "1.8",
        "1.9",
        "1.9.1",
        "1.10",
        "1.10.1",
        "1.11",
        "2.0",
        "2.1",
        "2.2",
        "3.0",
        "3.1",
        "3.1.1",
        "3.2a1",
        "3.2"
      ]
    }
  ],
  "aliases": [
    "CVE-2021-30459",
    "GHSA-pghf-347x-c2gj"
  ],
  "details": "A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.",
  "id": "PYSEC-2021-10",
  "modified": "2021-04-21T15:05:00Z",
  "published": "2021-04-14T18:15:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj"
    },
    {
      "type": "ARTICLE",
      "url": "https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jazzband/django-debug-toolbar/releases"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-30459 (GCVE-0-2021-30459)

FKIE_CVE-2021-30459

GSD-2021-30459

GHSA-PGHF-347X-C2GJ

Impact

Patches

For more information

OPENSUSE-SU-2024:14137-1

OPENSUSE-SU-2024:11225-1

PYSEC-2021-10

Tags

Sightings

Nomenclature