CVE-2021-30459: 
Python vulnerability analysis and mitigation

A SQL Injection vulnerability was discovered in the SQL Panel of Jazzband Django Debug Toolbar versions before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1. The vulnerability was disclosed on April 14, 2021 and assigned CVE-2021-30459. The issue affects the SQL explain, analyze, and select forms in the toolbar's SQL Panel functionality (Django Advisory, GitHub Advisory).

The vulnerability allows attackers to execute arbitrary SQL statements by manipulating the raw_sql input field of the SQL explain, analyze, or select forms in the SQL Panel. The issue affects all versions from 0.10.0 onwards until the patched versions. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD).

This is considered a high severity issue, particularly for installations using the toolbar in production environments. The vulnerability allows attackers to execute arbitrary SQL statements, potentially leading to unauthorized access to database contents, modification of data, or disruption of database services (GitHub Advisory).

Users should upgrade to the patched versions: Django Debug Toolbar 1.11.1 for version 1.x users, 2.2.1 for version 2.x users, or 3.2.1 for version 3.x users. While the Django Debug Toolbar team typically only maintains the latest version, an exception was made for this vulnerability due to its high severity (Django Advisory).