django-sql-explorer@0.2 vulnerabilities

SQL Reporting that Just Works. Fast, simple, and confusion-free.Write and share queries in a delightful SQL editor, with AI assistance

latest version

5.3
latest non vulnerable version

5.3
first published

11 years ago
latest version published

2 months ago
licenses detected
- MIT
  [0,)
View django-sql-explorer package health on Snyk Advisor Open this link in a new tab

Known vulnerabilities in the django-sql-explorer package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Improper Input Validation Affected versions of this package are vulnerable to Improper Input Validation allowing regex-injection through `swap_params` in `utils.py`. How to fix Improper Input Validation? Upgrade `django-sql-explorer` to version 4.2b1 or higher.	[,4.2b1)
M Cross-site Scripting (XSS) `django-sql-explorer` is a pluggable app that allows users (admins) to execute SQL, view, and export the results. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. The autoescaping method was disabled by default, allowing an attacker to alter database values.	[,1.1.0)