angler-fishThe Vulnerability History Project

Fixed CVE-2019-19118 -- Required edit permissions on parent model for editable inlines in admin.

      Thank you to Shen Ying for reporting this issue.
by Stephanie the Jack Russel 2019-11-25 11:01:49 UTC
commit 36f580a17f0b3cb087deadf3b65eea024f479c21
Django Fix Inline Model Access CVE-2019-19118
django/contrib/admin/options.py
+5 -16
django/contrib/admin/templates/admin/edit_inline/stacked.html
+1 -1
django/contrib/admin/templates/admin/edit_inline/tabular.html
+2 -2
docs/releases/2.1.15.txt
+1 -40
docs/releases/2.2.8.txt
+2 -41
tests/admin_inlines/tests.py
-112
tests/admin_views/admin.py
+9
tests/admin_views/tests.py
+65 -3
tests/admin_views/urls.py
+1
tests/auth_tests/test_views.py
+1 -1
expand_less