Django · Django · CVE-2021-35042
**Name of the Vulnerable Software and Affected Versions**
Django versions 3.1.x through 3.1.12
Django versions 3.2.x through 3.2.4
**Description**
The issue lies in the `QuerySet.order_by()` method of the Django web framework, which does not properly protect the SQL query structure. This allows SQL injection when the argument to `order_by()` is built from untrusted client input. Exploiting this issue may enable a remote attacker to execute arbitrary commands.
**Recommendations**
For Django versions 3.1.x through 3.1.12, update to version 3.1.13 or later.
For Django versions 3.2.x through 3.2.4, update to version 3.2.5 or later.
As a temporary workaround, validate and sanitize any untrusted input used as an `order_by()` argument to prevent SQL injection attacks. Restrict access to the `QuerySet.order_by()` function to minimize the risk of exploitation.
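The workaround above, as an added example that is not code from this advisory or from Django: an allowlist check applied to client-supplied ordering terms before they reach `QuerySet.order_by()`. The field names, the `order_by` request parameter and the `Article` model are assumptions made up for illustration.

```python
# Added example (not from the advisory or from Django): an allowlist check for
# ordering parameters taken from a request, applied before QuerySet.order_by().
# The field names, parameter name and model below are constructed for illustration.
import re

# Only these model fields may be used for ordering; anything else is rejected.
ALLOWED_ORDER_FIELDS = {"id", "created_at", "title", "author__name"}

# Shape of a single ordering term: optional leading "-" for descending order,
# then a field name made of identifier characters and "__" lookups. Checking
# the shape first keeps quotes, spaces and expressions away from the allowlist.
_TERM_RE = re.compile(r"^-?[A-Za-z_][A-Za-z0-9_]*(?:__[A-Za-z_][A-Za-z0-9_]*)*$")


def safe_ordering(raw_terms, allowed=ALLOWED_ORDER_FIELDS):
    """Return only ordering terms that are safe to pass to order_by().

    raw_terms is the untrusted list (e.g. request.GET.getlist("order_by")).
    Every term must match an allowlisted field exactly, apart from a leading
    "-"; otherwise ValueError is raised so the view can answer with HTTP 400.
    """
    cleaned = []
    for term in raw_terms:
        term = term.strip()
        if not _TERM_RE.match(term):
            raise ValueError(f"malformed ordering term: {term!r}")
        field = term[1:] if term.startswith("-") else term
        if field not in allowed:
            raise ValueError(f"ordering by {field!r} is not permitted")
        cleaned.append(term)
    return cleaned or ["-created_at"]  # constructed default ordering


# Vulnerable pattern the advisory describes: the client controls order_by().
#   qs = Article.objects.order_by(*request.GET.getlist("order_by"))
# Hardened pattern: the client may only choose from the allowlist.
#   qs = Article.objects.order_by(*safe_ordering(request.GET.getlist("order_by")))

if __name__ == "__main__":
    print(safe_ordering(["-created_at", "title"]))
    for bad in (["title; DROP TABLE articles"], ["password"], ["(SELECT 1)"]):
        try:
            safe_ordering(bad)
        except ValueError as exc:
            print("rejected:", exc)
```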