
AIKIDO-2025-10278

django-debug-toolbar is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Exposure of Sensitive Information to an Unauthorized Actor (Pre-CVE)
Found by Aikido Intel before public disclosure or CVE publication.

10

Low Risk

This Affects:

Python: django-debug-toolbar
1.3.0 - 5.1.0
Fixed in 5.2.0

TL;DR

This update adds sanitization to the debug_toolbar's Request Panel, ensuring sensitive data such as GET, POST, cookies, and session values are redacted in debug output. The RequestPanel.generate_stats method now uses a new sanitize_and_sort_request_vars utility to replace the earlier unsanitized approach. Supporting helper functions (_get_sorted_keys, _process_query_dict, _process_dict) were introduced to clean and organize request data securely.
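As an added, stdlib-only illustration of the redact-then-sort pattern the fix describes (this is not django-debug-toolbar's own code; the helper names follow the TL;DR, while the sensitive-key pattern, return shape and sample data are assumptions):

```python
import re
from typing import Any, Mapping

# Keys whose values must never reach debug output. The pattern is an
# assumption modelled on the kind of filter Django applies to error reports;
# the toolbar's own list is not reproduced on this page.
SENSITIVE_KEY_RE = re.compile(r"API|TOKEN|KEY|SECRET|PASS|SIGNATURE|SESSION|CSRF", re.I)
REDACTED = "********************"

def _get_sorted_keys(data: Mapping[Any, Any]) -> list:
    """Deterministic key order for the panel; session stores may mix key
    types, so fall back to string order when direct comparison fails."""
    try:
        return sorted(data.keys())
    except TypeError:
        return sorted(data.keys(), key=str)

def _redact(key: Any, value: Any) -> Any:
    """Replace the value wholesale when the key looks sensitive; the value
    itself is never inspected, so nothing of it leaks through a partial match."""
    return REDACTED if SENSITIVE_KEY_RE.search(str(key)) else value

def _process_query_dict(query_dict: Mapping[str, list]) -> list[tuple]:
    """GET/POST data where each key maps to a list of values (HTML forms may
    repeat a field). Single values are unwrapped, repeats stay as lists."""
    rows = []
    for key in _get_sorted_keys(query_dict):
        values = list(query_dict[key])
        value = values[0] if len(values) == 1 else values
        rows.append((key, _redact(key, value)))
    return rows

def _process_dict(data: Mapping[Any, Any]) -> list[tuple]:
    """Plain mappings such as cookies or session contents."""
    return [(key, _redact(key, data[key])) for key in _get_sorted_keys(data)]

def sanitize_and_sort_request_vars(variable, multi_valued: bool = False) -> list[tuple]:
    """Entry point a panel would call once per request section (GET, POST,
    cookies, session); None means the section is absent on this request."""
    if variable is None:
        return []
    return _process_query_dict(variable) if multi_valued else _process_dict(variable)

if __name__ == "__main__":
    # Constructed sample request data, not captured from a real application.
    post = {"username": ["alice"], "password": ["hunter2"], "tags": ["a", "b"]}
    cookies = {"sessionid": "c0ffee", "csrftoken": "t0k3n", "theme": "dark"}
    print(sanitize_and_sort_request_vars(post, multi_valued=True))
    print(sanitize_and_sort_request_vars(cookies))
```

Redaction keys off the key name only, so a value that happens to look harmless is still masked when its key matches, and a value is never compared against the pattern.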

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

django-debug-toolbar is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in versions 1.3.0 - 5.1.0.

How to fix this

Upgrade the django-debug-toolbar library to the patched version, 5.2.0 or later.