VDB

CVE-2021-35042

CVE-2021-35042 PUBLISHED

Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.

EPSS 90.90% · 99.6th percentile

Risk Scores

EPSS Score
90.90%
99.6th percentile

Affected Products

VendorProductVersions
Bitnamidjango3.2.0, 3.1.0, 3.1.0
Bitnamidjango3.2.0, 3.1.0

Timeline

  • Jul 2, 2021 CVE Published
  • Jul 3, 2021 EPSS Score
  • Jul 11, 2021 EPSS Score
  • Aug 18, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Aug 4, 2024 CVE Updated
  • Mar 17, 2025 EPSS Score
  • Mar 21, 2025 EPSS Score
  • Mar 25, 2025 EPSS Score
  • Mar 26, 2025 EPSS Score
  • Mar 28, 2025 EPSS Score
  • Mar 29, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›