CVE-2021-35042 log

Severity High
Remote Yes
Type Insufficient validation
A security issue has been found in Django before version 3.2.5. Unsanitized user input passed to QuerySet.order_by() could bypass intended column reference validation in path marked for deprecation resulting in a potential SQL injection even if a deprecation warning is emitted. As a mitigation the strict column reference validation was restored for the duration of the deprecation period.
Group Package Affected Fixed Severity Status Ticket
AVG-2123 python-django 3.2.4-1 3.2.5-1 High Fixed
Date Advisory Group Package Severity Type
03 Jul 2021 ASA-202107-11 AVG-2123 python-django High insufficient validation