Search for packages
| purl | pkg:alpm/archlinux/python-django@2.2.6-2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-qs2z-b4r2-aaac
Aliases: CVE-2019-19118 GHSA-hvmf-r92r-27hr PYSEC-2019-15 PYSEC-2019-85 |
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.) |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-03-28T07:47:05.964359+00:00 | Arch Linux Importer | Affected by | VCID-qs2z-b4r2-aaac | https://security.archlinux.org/AVG-1070 | 36.0.0 |
| 2024-09-18T02:02:29.641675+00:00 | Arch Linux Importer | Affected by | VCID-qs2z-b4r2-aaac | https://security.archlinux.org/AVG-1070 | 34.0.1 |
| 2024-01-03T22:28:30.373873+00:00 | Arch Linux Importer | Affected by | VCID-qs2z-b4r2-aaac | https://security.archlinux.org/AVG-1070 | 34.0.0rc1 |