092cd66cf3c3e175acce698d6ca2012068d878fa | Vulnerability History Project

The Vulnerability History Project

Fixed CVE-2019-19118 -- Required edit permissions on parent model for editable inlines in admin.

      Thank you to Shen Ying for reporting this issue.

by Stephanie the Jack Russel 2019-11-25 14:23:52 UTC

commit 092cd66cf3c3e175acce698d6ca2012068d878fa

Django Fix Inline Model Access CVE-2019-19118

django/contrib/admin/options.py

+5 -16

django/contrib/admin/templates/admin/edit_inline/stacked.html

+1 -1

django/contrib/admin/templates/admin/edit_inline/tabular.html

+2 -2

docs/releases/2.1.15.txt

+1 -40

docs/releases/2.2.8.txt

+2 -41

tests/admin_inlines/tests.py

-112

tests/admin_views/admin.py

+9

tests/admin_views/tests.py

+65 -3

tests/admin_views/urls.py

+1

tests/auth_tests/test_views.py

+1 -1

expand_less