{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34982?format=json","vulnerability_id":"VCID-2yaw-hhv6-fygg","summary":"Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the \"Save as New\" option when editing objects and leveraging the \"change\" permission.","aliases":[{"alias":"CVE-2016-2048"},{"alias":"PYSEC-2016-14"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9136?format=json","purl":"pkg:pypi/django@1.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kza-a88p-kfg7"},{"vulnerability":"VCID-6wah-r8vr-5qc4"},{"vulnerability":"VCID-8gus-er59-1qak"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-ksh8-pazn-dbca"},{"vulnerability":"VCID-qy2a-mvpz-q7eh"},{"vulnerability":"VCID-rruq-9scz-vbg8"},{"vulnerability":"VCID-upbz-vg19-rugv"},{"vulnerability":"VCID-vdpf-jddk-syda"},{"vulnerability":"VCID-weqb-fxu4-17e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.2"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9134?format=json","purl":"pkg:pypi/django@1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2yaw-hhv6-fygg"},{"vulnerability":"VCID-3kza-a88p-kfg7"},{"vulnerability":"VCID-6wah-r8vr-5qc4"},{"vulnerability":"VCID-8gus-er59-1qak"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-ksh8-pazn-dbca"},{"vulnerability":"VCID-qy2a-mvpz-q7eh"},{"vulnerability":"VCID-rruq-9scz-vbg8"},{"vulnerability":"VCID-upbz-vg19-rugv"},{"vulnerability":"VCID-vdpf-jddk-syda"},{"vulnerability":"VCID-weqb-fxu4-17e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/9135?format=json","purl":"pkg:pypi/django@1.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2yaw-hhv6-fygg"},{"vulnerability":"VCID-3kza-a88p-kfg7"},{"vulnerability":"VCID-6wah-r8vr-5qc4"},{"vulnerability":"VCID-8gus-er59-1qak"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-ksh8-pazn-dbca"},{"vulnerability":"VCID-qy2a-mvpz-q7eh"},{"vulnerability":"VCID-rruq-9scz-vbg8"},{"vulnerability":"VCID-upbz-vg19-rugv"},{"vulnerability":"VCID-vdpf-jddk-syda"},{"vulnerability":"VCID-weqb-fxu4-17e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.1"}],"references":[{"reference_url":"https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/"},{"reference_url":"http://www.securityfocus.com/bid/82329","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/82329"},{"reference_url":"http://www.securitytracker.com/id/1034894","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1034894"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2yaw-hhv6-fygg"}