angler-fishThe Vulnerability History Project

Fixed CVE-2019-19118 -- Required edit permissions on parent model for editable inlines in admin.

      Thank you to Shen Ying for reporting this issue.
by Stephanie the Jack Russel 2019-11-25 10:32:30 UTC
commit 103ebe2b5ff1b2614b85a52c239f471904d26244
Django Fix Inline Model Access CVE-2019-19118
django/contrib/admin/options.py
+5 -16
django/contrib/admin/templates/admin/edit_inline/stacked.html
+1 -1
django/contrib/admin/templates/admin/edit_inline/tabular.html
+2 -2
docs/releases/2.1.15.txt
+1 -40
tests/admin_inlines/models.py
-1
tests/admin_inlines/tests.py
-111
tests/admin_views/admin.py
+9
tests/admin_views/tests.py
+66 -3
tests/admin_views/urls.py
+1
tests/auth_tests/test_views.py
+1 -1
expand_less