Описание
Django vulnerable to privilege abuse in GenericInlineModelAdmin
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank N05ec@LZU-DSLab for reporting this issue.
Пакеты
Django
>= 6.0, < 6.0.4
6.0.4
Django
>= 5.2, < 5.2.13
5.2.13
Django
>= 4.2, < 4.2.30
4.2.30
Связанные уязвимости
A flaw was found in Django. This vulnerability allows an attacker to bypass permission validation by submitting forged `POST` data to the `GenericInlineModelAdmin` component. As a result, unauthorized inline model instances could be added, potentially leading to privilege abuse or unauthorized data manipulation within the application.
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged `POST` data in `GenericInlineModelAdmin`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank N05ec@LZU-DSLab for reporting this issue.
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4. ...