Oval Definition:oval:org.opensuse.security:def:202135042
Revision Date:2022-06-30Version:1
Title:CVE-2021-35042
Description:

Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2021-35042
SUSE CVE-2021-35042
Platform(s):openSUSE Tumbleweed
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND python-Django is not affected
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • python36-Django-3.2.7-2.3 is installed
  • OR python38-Django-3.2.7-2.3 is installed
  • OR python39-Django-3.2.7-2.3 is installed
    • Definition Synopsis
  • Release Information
  • SUSE OpenStack Cloud 8 is installed
  • OR SUSE OpenStack Cloud Crowbar 8 is installed
  • AND python-Django is not affected
    • Definition Synopsis
  • Release Information
  • SUSE OpenStack Cloud 9 is installed
  • OR SUSE OpenStack Cloud Crowbar 9 is installed
  • AND python-Django1 is not affected
    • BACK