SUSE CVE-2019-19118

Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...

PT-2019-15772 · Django Software Foundation +1 · Django +1

Name of the Vulnerable Software and Affected Versions: Django versions 2.1 through 2.1.14 Django versions 2.2 through 2.2.7 Description: The issue allows unintended model editing in certain configurations. When a Django model admin displays inline related models and the user has view-only...