Name of the Vulnerable Software and Affected Versions Django versions 2.1 through 2.1.14 Django versions 2.2 through 2.2.7

Description The issue allows unintended model editing in certain configurations of the Django model admin. When a user has view-only permissions to a parent model but edit permissions to an inline model, the editing UI is presented, enabling POST requests to update the inline model. Although the parent model cannot be directly edited, its save() method is called, potentially triggering side effects and invoking pre and post-save signal handlers.

Recommendations For Django versions 2.1 through 2.1.14, update to version 2.1.15 or later to resolve the issue. For Django versions 2.2 through 2.2.7, update to version 2.2.8 or later to resolve the issue.