Spoofing Vulnerability in Django REST Registration Library by Apragacz
CVE-2019-13177

9.8CRITICAL

Key Information:

Vendor

Django-rest-registration Project

Status
Django-rest-registration
Vendor
CVE Published:
2 July 2019

What is CVE-2019-13177?

The Django REST Registration library prior to version 0.5.0 is susceptible to a spoofing vulnerability due to a misuse of the Django Signing API. This vulnerability arises from the reliance on a static string for signatures, which allows remote attackers to manipulate the verification process. Incorrectly refactored code calls a security-critical function with an inappropriate argument, enabling exploitation and potential unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/apragacz/django-rest-registration/secu...
x_refsource_MISC
https://github.com/apragacz/django-rest-registration/rele...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.