FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
4e3fa78b-1577-11ea-b66e-080027bdabe8Django -- multiple vulnerabilities

Django release reports:

CVE-2019-19118: Privilege escalation in the Django admin.

Since Django 2.1, a Django model admin displaying a parent model with related model inlines, where the user has view-only permissions to a parent model but edit permissions to the inline model, would display a read-only view of the parent model but editable forms for the inline.

Submitting these forms would not allow direct edits to the parent model, but would trigger the parent model's save() method, and cause pre and post-save signal handlers to be invoked. This is a privilege escalation as a user who lacks permission to edit a model should not be able to trigger its save-related signals.


Discovery 2019-11-25
Entry 2019-12-03
py35-django21
py36-django21
py37-django21
py38-django21
lt 2.1.15

py35-django22
py36-django22
py37-django22
py38-django22
lt 2.2.8

https://www.djangoproject.com/weblog/2019/dec/02/security-releases/
CVE-2019-19118