CVE-2021-35042: django: potential SQL injection via unsanitized QuerySet.order_by() input

Severity: Critical

CVSS Score: 9.8

Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.