QuerySet.order_by SQL Injection in Django 3.1.x and 3.2.x
CVE-2021-35042 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.