Safety vulnerability ID: 25735
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission.
Latest version: 5.1.4
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission.
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application