Acknowledged
Created: Apr 9, 2026
Updated: Apr 20, 2026
Found In Version: 10.23.30.2
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Userspace
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.
Add permissions on inline model instances were not validated on submission of
forged `POST` data in `GenericInlineModelAdmin`.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank N05ec@LZU-DSLab for reporting this issue.
