CVE-2019-13177

Published: Jul 2, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to calling a security-critical function with an incorrect argument.

Affected (1)

Products: Django Rest Registration Project: Django Rest Registration

Django Rest Registration Project

1 product

Django Rest Registration

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Django Rest Registration Project Django Rest Registration	After 0.1.0 to 0.5.0

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (4)

https://github.com/apragacz/django-rest-registration/releases/tag/0.5.0

Source: cve@mitre.org

Release NotesThird Party Advisory

https://github.com/apragacz/django-rest-registration/security/advisories/GHSA-p3w6-jcg4-52xh

Source: cve@mitre.org

ExploitPatchThird Party Advisory

https://github.com/apragacz/django-rest-registration/releases/tag/0.5.0

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/apragacz/django-rest-registration/security/advisories/GHSA-p3w6-jcg4-52xh

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.