CVE-2021-30459

{"id": "CVE-2021-30459", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-04-14T18:15:14.877", "references": [{"url": "https://github.com/jazzband/django-debug-toolbar/releases", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/jazzband/django-debug-toolbar/releases", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.djangoproject.com/weblog/2021/apr/14/debug-toolbar-security-releases/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form."}, {"lang": "es", "value": "Un problema de inyecci\u00f3n SQL en el panel SQL en Jazzband Django Debug Toolbar versiones anteriores a 1.11.1, versiones 2.x anteriores a 2.2.1 y versiones 3.x anteriores a 3.2.1, permite a atacantes ejecutar sentencias SQL al cambiar el campo de entrada raw_sql del formulario de explicaci\u00f3n, an\u00e1lisis o selecci\u00f3n de SQL"}], "lastModified": "2024-11-21T06:03:57.840", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jazzband:django_debug_toolbar:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9155971C-2E44-4DBF-8AAA-B08687454051", "versionEndExcluding": "1.11.1", "versionStartIncluding": "0.10.0"}, {"criteria": "cpe:2.3:a:jazzband:django_debug_toolbar:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C582D6A7-0A92-4C7F-9392-FBBA302AAADC", "versionEndExcluding": "2.2.1", "versionStartIncluding": "2.0.0"}, {"criteria": "cpe:2.3:a:jazzband:django_debug_toolbar:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F28FC87E-8A6E-44E0-8E93-9A498B18F2E0", "versionEndExcluding": "3.2.1", "versionStartIncluding": "3.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}