Spoofing Vulnerability in Django REST Registration Library by Apragacz
CVE-2019-13177

9.8CRITICAL

Key Information:

Vendor: Django-rest-registration Project
Status: Django-rest-registration
Vendor: CVE Published:; 2 July 2019

What is CVE-2019-13177?

The Django REST Registration library prior to version 0.5.0 is susceptible to a spoofing vulnerability due to a misuse of the Django Signing API. This vulnerability arises from the reliance on a static string for signatures, which allows remote attackers to manipulate the verification process. Incorrectly refactored code calls a security-critical function with an inappropriate argument, enabling exploitation and potential unauthorized access.

References

https://github.com/apragacz/django-rest-registration/secu...

x_refsource_MISC

https://github.com/apragacz/django-rest-registration/rele...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 2, 2019
Vulnerability Reserved
Jul 2, 2019

Django-rest-registration Project

What is CVE-2019-13177?

References

CVSS V3.1

Timeline