
CVE-2021-35042: SQL Injection in Django

CVSS Score (v3.1): 9.8

Basic Information

EPSS Score: 0.91151%
Published: 9/22/2021
Updated: 9/20/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name | Ecosystem | Vulnerable Versions  | First Patched Version
Django       | pip       | >= 3.2a1, < 3.2.5    | 3.2.5
Django       | pip       | >= 3.0a1, < 3.1.13   | 3.1.13

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stemmed from insufficient validation of the arguments passed to order_by(). The commit diff shows that the fix added a regex pattern (ORDER_PATTERN) to django/db/models/sql/constants.py to validate column references, and modified add_ordering in query.py to apply this check to every string argument. Prior to the patch, the code only checked whether the input string contained a '.', treating any such string as a raw column alias and passing it through unvalidated, which allowed attackers to inject SQL via malformed order_by parameters. The direct modification of add_ordering in the security patch confirms this function's role in the vulnerability.
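The following is an added example, not code from Django or from this page: it contrasts the pre-patch check described above (a bare "is there a '.' in the string" test) with a regex-based check of the kind the fix introduced, and runs both over constructed order_by() values. The regex used here is an assumption modelled on the description (an optional sign followed only by word characters and dots); it is not a reproduction of Django's actual ORDER_PATTERN, and the function names are this example's own.

```python
import re

# Assumed pattern, modelled on the ORDER_PATTERN check described in the
# root-cause analysis; the exact regex in Django's constants.py is not
# reproduced here. It accepts e.g. "name", "-created_at", "author.name"
# and rejects anything containing spaces, quotes, commas, parentheses
# or semicolons.
ORDER_PATTERN = re.compile(r"^[-+]?[.\w]+$")


def legacy_is_column_alias(item):
    """Pre-patch behaviour as described above: a string containing a '.'
    was treated as a raw column alias and passed through without further
    validation, regardless of what else the string contained."""
    return "." in item


def patched_validate_ordering(ordering):
    """Post-patch style behaviour: every string item must match
    ORDER_PATTERN (or be the random-ordering token '?'); anything else is
    collected as an error instead of reaching the SQL compiler."""
    accepted, errors = [], []
    for item in ordering:
        if item == "?" or ORDER_PATTERN.match(item):
            accepted.append(item)
        else:
            errors.append(item)
    return accepted, errors


def compare_checks(ordering):
    """For each item, report whether the legacy '.' check would have let it
    through unvalidated and whether the regex check rejects it."""
    _, errors = patched_validate_ordering(ordering)
    return [
        {
            "item": item,
            "legacy_passthrough": legacy_is_column_alias(item),
            "patched_rejected": item in errors,
        }
        for item in ordering
    ]


# Constructed sample order_by() values: four legitimate ones, then two
# malformed ones. The fifth contains a '.', so the legacy check would have
# passed it straight through; the regex check rejects both malformed values.
SAMPLE_ORDERING = [
    "name",
    "-created_at",
    "author.name",
    "?",
    "name.x, (SELECT 1)",
    "name;--",
]

if __name__ == "__main__":
    for row in compare_checks(SAMPLE_ORDERING):
        print(row)
```

The useful takeaway for reviewers of similar code is the shape of the defect: a special-case branch (here, "contains a '.'") that skips the general validation step. The regex check is applied unconditionally, so the special case can no longer bypass it.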


WAF Protection Rules

WAF Rule

Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
