Home Latest Cyber Security News | Network Security Hacking Serious SQL Vulnerability Found In Django Debug Toolbar
Latest Cyber Security News | Network Security HackingNewsVulnerabilities

Serious SQL Vulnerability Found In Django Debug Toolbar

by Abeerah Hashim
written by Abeerah Hashim
ChatGPT Vulnerability

A high-severity vulnerability existed in the open-source Django Debug Toolbar. Exploiting this vulnerability could let an adversary mount SQL injection attacks. The developers have deployed the fixes for the latest as well as previous toolbar releases.

Django Debug Toolbar SQL Vulnerability

Reportedly, a high-severity SQL vulnerability existed in the Django Debug toolbar. Django is an open-source Python-based web framework facilitating the development of complex database-driven websites.

According to the details shared via an advisory, the bug allowed the attackers to modify raw_sql input of SQL forms. As stated,

With Django Debug Toolbar attackers are able to execute SQL by changing the raw_sql input of the SQL explain, analyze or select forms and submitting the form.

This vulnerability affected all existing and previous releases of the tool. Precisely, the affected versions include Django Debug Toolbar main branch, version 3.2, 2.2, and 1.11.

The bug triggering SQL injection attacks has received the CVE ID CVE-2021-30459. According to NVD advisory, it has received a CVSS score of 9.8 with a critical severity rating.

Patch Available For Previous Versions Too

Upon detecting this bug, the developers rushed to come up with a fix for it. While they usually address vulnerabilities in the latest releases only. However, given the severity of this vulnerability, they released fixes for the previous releases as well.

Generally, the Django Debug Toolbar team only maintains the latest version of django-debug-toolbar, but an exception was made because of the high severity of this issue.

Hence, the patches are now available with the Django Debug Toolbar versions 3.2.1, 2.2.1, and 1.11.1. The team has also confirmed the security fix via the changelog of the toolbar version 3.2.

Fixed SQL Injection vulnerability, CVE-2021-30459. The toolbar now calculates a signature on all fields for the SQL select, explain, and analyze forms.

Since the fixed releases are now available, and that the flaw bears serious potential consequences, all Django Debug Toolbar users should ensure upgrading to the latest patched versions at the earliest.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

OWASP Disclosed Data Breach Affecting Old Members

Center Identity Launches Patented Passwordless Authentication for Businesses