What is CVE-2021-35042?

CVE-2021-35042 is a vulnerability in N/a. Published 2021-07-02.

Is CVE-2021-35042 known to be exploited?

38 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-35042

Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.

EPSS: 0.909 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

YouGina/CVE-2021-35042
r4vi/CVE-2021-35042
zer0qs/CVE-2021-35042
vutiendat323/INT14107_CVE-2021-35042
LUUANHDUC/CVE-2021-35042
mrlihd/CVE-2021-35042
ARPSyndicate/cvemon
CLincat/vulcat
H3rmesk1t/Django-SQL-Inject-Env
NaInSec/CVE-PoC-in-GitHub

References

groups.google.com/forum/ (x_refsource_MISC)
docs.djangoproject.com/en/3.2/releases/security/ (x_refsource_MISC)
www.openwall.com/lists/oss-security/2021/07/02/2 (x_refsource_CONFIRM)
www.djangoproject.com/weblog/2021/jul/01/security-releases/ (x_refsource_CONFIRM)
security.netapp.com/advisory/ntap-20210805-0008/ (x_refsource_CONFIRM)
FEDORA-2021-78e501d62a (vendor-advisory, x_refsource_FEDORA)

Frequently asked questions

What is CVE-2021-35042?: CVE-2021-35042 is a vulnerability in N/a. Published 2021-07-02.
Is CVE-2021-35042 known to be exploited?: 38 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.