{"url":"http://public2.vulnerablecode.io/api/packages/14671?format=json","purl":"pkg:pypi/django@2.1.15","type":"pypi","namespace":"","name":"django","version":"2.1.15","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.2.28","latest_non_vulnerable_version":"6.0.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7347?format=json","vulnerability_id":"VCID-9mpt-zxaw-kkeg","summary":"multiple issues","references":[{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-68w8-qjq3-2gfm","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-68w8-qjq3-2gfm"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/"},{"reference_url":"https://security.archlinux.org/ASA-202106-41","reference_id":"ASA-202106-41","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-41"},{"reference_url":"https://security.archlinux.org/AVG-2026","reference_id":"AVG-2026","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2026"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22501?format=json","purl":"pkg:pypi/django@2.2.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24"},{"url":"http://public2.vulnerablecode.io/api/packages/22502?format=json","purl":"pkg:pypi/django@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-n9vn-4uxr-hkau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/22503?format=json","purl":"pkg:pypi/django@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4"}],"aliases":["CVE-2021-33203","GHSA-68w8-qjq3-2gfm","PYSEC-2021-98"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35453?format=json","vulnerability_id":"VCID-pgtx-cdua-kfb4","summary":"Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.)","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-hvmf-r92r-27hr","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hvmf-r92r-27hr"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/GjGqDvtNmWQ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/GjGqDvtNmWQ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R4HD22PVEVQ45H2JA2NXH443AYJOPL5/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R4HD22PVEVQ45H2JA2NXH443AYJOPL5/"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20191217-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20191217-0003/"},{"reference_url":"https://www.djangoproject.com/weblog/2019/dec/02/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/dec/02/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/12/02/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2019/12/02/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14671?format=json","purl":"pkg:pypi/django@2.1.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9mpt-zxaw-kkeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.15"},{"url":"http://public2.vulnerablecode.io/api/packages/14672?format=json","purl":"pkg:pypi/django@2.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4cp2-k4mn-8ffj"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-5q58-pzt4-8uey"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-fhp8-tck4-mye4"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-hh9b-52xn-z7a9"},{"vulnerability":"VCID-j81e-su1y-tqa6"},{"vulnerability":"VCID-m4wa-xv9b-q7ce"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-na9w-xkvx-cbhd"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-q8r2-m9s6-rbek"},{"vulnerability":"VCID-qvfs-2v1h-p3h4"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-vdpf-jddk-syda"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.8"}],"aliases":["CVE-2019-19118","GHSA-hvmf-r92r-27hr","PYSEC-2019-15"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pgtx-cdua-kfb4"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.15"}