From 2a7f5f94c8dc1d05b417e654225d4da75f7791bd Mon Sep 17 00:00:00 2001
From: Oliver <oliver.henry.walters@gmail.com>
Date: Mon, 2 Jun 2025 22:43:48 +1000
Subject: [PATCH] Security fix (#9727)

* Add max limit for 'skip' parameter
---
 src/backend/InvenTree/plugin/builtin/labels/label_sheet.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/backend/InvenTree/plugin/builtin/labels/label_sheet.py b/src/backend/InvenTree/plugin/builtin/labels/label_sheet.py
index c58f4d6cb2..8e24eebb79 100644
--- a/src/backend/InvenTree/plugin/builtin/labels/label_sheet.py
+++ b/src/backend/InvenTree/plugin/builtin/labels/label_sheet.py
@@ -34,6 +34,7 @@ class LabelPrintingOptionsSerializer(serializers.Serializer):
         label=_('Skip Labels'),
         help_text=_('Skip this number of labels when printing label sheets'),
         min_value=0,
+        max_value=500,
     )
 
     border = serializers.BooleanField(