12 matches found
Fedora: Security Advisory for python-django (FEDORA-2020-2e7d30f7aa)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
GLSA-202004-17 : Django: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202004-17 Django: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Django. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by sending specially crafted input,...
Security fix for the ALT Linux 9 package python3-module-django version 2.2.12-alt1
April 12, 2020 Alexey Shabalin 2.2.12-alt1 - 2.2.12 - Fixes for the following security vulnerabilities: + CVE-2019-19118 Privilege escalation in the Django admin. + CVE-2019-19844 Potential account hijack via password reset form + CVE-2020-7471 Potential SQL injection via StringAggdelimiter +...
Fedora Update for python-django FEDORA-2019-adc8990386
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
a3m (=0.1.0), aa-fleet (>=1.0.0 <=1.1.0) +670 more potentially affected by CVE-2019-19118 via django (>=2.2.0 <=2.2.7)
django PYPI version =2.2.0, =1.0.0, =1.1.12, =0.1.0a0, =0.1.0a0, =1.2.0a1, =2.0.0, =0.1.0, =1.1.0, =1.4.1, =1.6.0 - aiida-crystal17 =0.11.0 and more Source cves: CVE-2019-19118 Source advisory: OSV:GHSA-HVMF-R92R-27HR...
django-aesfield (=3.0.0), django-autoconfig (=0.8.0) +13 more potentially affected by CVE-2019-19118 via django (>=2.1.0 <=2.1.12)
django PYPI version =2.1.0, =0.1.0, =0.1.0, =0.3.0, =1.7.3, =0.0.3, =1.1.0, =0.1.2, =0.1.1, =1.0.0rc2, =0.1.0, =0.2.0.dev2 Source cves: CVE-2019-19118 Source advisory: OSV:GHSA-HVMF-R92R-27HR...
FreeBSD : Django -- multiple vulnerabilities (4e3fa78b-1577-11ea-b66e-080027bdabe8)
Django release reports : CVE-2019-19118: Privilege escalation in the Django admin. Since Django 2.1, a Django model admin displaying a parent model with related model inlines, where the user has view-only permissions to a parent model but edit permissions to the inline model, would display a...
DEBIAN-CVE-2019-19118
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...
django-aesfield (=3.0.0), django-autoconfig (=0.8.0) +13 more potentially affected by CVE-2019-19118 via django (>=2.1.0 <=2.1.12)
django PYPI version =2.1.0, =0.1.0, =0.1.0, =0.3.0, =1.7.3, =0.0.3, =1.1.0, =0.1.2, =0.1.1, =1.0.0rc2, =0.1.0, =0.2.0.dev2 Source cves: CVE-2019-19118 Source advisory: OSV:PYSEC-2019-15...
a3m (=0.1.0), aa-fleet (>=1.0.0 <=1.1.0) +670 more potentially affected by CVE-2019-19118 via django (>=2.2.0 <=2.2.7)
django PYPI version =2.2.0, =1.0.0, =1.1.12, =0.1.0a0, =0.1.0a0, =1.2.0a1, =2.0.0, =0.1.0, =1.1.0, =1.4.1, =1.6.0 - aiida-crystal17 =0.11.0 and more Source cves: CVE-2019-19118 Source advisory: OSV:PYSEC-2019-15...
CVE-2019-19118
CVE-2019-19118 affects Django Framework: versions 2.1 before 2.1.15 and 2.2 before 2.2.8. The issue arises in the admin inline editing UI: if a user has view permissions on a parent model but edit permissions on the inline model, the UI could allow POST requests to update the inline model, while ...
Django -- multiple vulnerabilities
Django release reports: CVE-2019-19118: Privilege escalation in the Django admin. Since Django 2.1, a Django model admin displaying a parent model with related model inlines, where the user has view-only permissions to a parent model but edit permissions to the inline model, would display a...