verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to calling a security-critical function with an incorrect argument.
References
Link | Resource |
---|---|
https://github.com/apragacz/django-rest-registration/releases/tag/0.5.0 | Release Notes Third Party Advisory |
https://github.com/apragacz/django-rest-registration/security/advisories/GHSA-p3w6-jcg4-52xh | Exploit Patch Third Party Advisory |
https://github.com/apragacz/django-rest-registration/releases/tag/0.5.0 | Release Notes Third Party Advisory |
https://github.com/apragacz/django-rest-registration/security/advisories/GHSA-p3w6-jcg4-52xh | Exploit Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:24
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/apragacz/django-rest-registration/releases/tag/0.5.0 - Release Notes, Third Party Advisory | |
References | () https://github.com/apragacz/django-rest-registration/security/advisories/GHSA-p3w6-jcg4-52xh - Exploit, Patch, Third Party Advisory |
Information
Published : 2019-07-02 22:15
Updated : 2024-11-21 04:24
NVD link : CVE-2019-13177
Mitre link : CVE-2019-13177
CVE.ORG link : CVE-2019-13177
JSON object : View
Products Affected
django-rest-registration_project
- django-rest-registration
CWE
CWE-347
Improper Verification of Cryptographic Signature