vulnerability
FreeBSD: VID-4e3fa78b-1577-11ea-b66e-080027bdabe8 (CVE-2019-19118): Django -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:N/I:P/A:N) | Dec 3, 2019 | Dec 3, 2019 | Dec 10, 2025 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:N/I:P/A:N)
Published
Dec 3, 2019
Added
Dec 3, 2019
Modified
Dec 10, 2025
Description
Django release reports: CVE-2019-19118: Privilege escalation in the Django admin. Since Django 2.1, a Django model admin displaying a parent model with related model inlines, where the user has view-only permissions to a parent model but edit permissions to the inline model, would display a read-only view of the parent model but editable forms for the inline. Submitting these forms would not allow direct edits to the parent model, but would trigger the parent model's save() method, and cause pre and post-save signal handlers to be invoked. This is a privilege escalation as a user who lacks permission to edit a model should not be able to trigger its save-related signals.
Solutions
freebsd-upgrade-package-py35-django21freebsd-upgrade-package-py36-django21freebsd-upgrade-package-py37-django21freebsd-upgrade-package-py38-django21freebsd-upgrade-package-py35-django22freebsd-upgrade-package-py36-django22freebsd-upgrade-package-py37-django22freebsd-upgrade-package-py38-django22
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.