Vulnerability Description
verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to calling a security-critical function with an incorrect argument. The practical consequence is that a signature computed over a constant does not depend on the data it is supposed to protect: under the same secret key and salt it is identical for every payload, so one legitimately obtained signed verification link (for example, from the attacker's own registration) is enough to pass verification for an arbitrary payload.
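To make the failure mode concrete, the following is an added, constructed example and not code from django-rest-registration: a hypothetical `VulnerableDataSigner` that follows the pattern described above (the signing call receives the constant field name instead of the payload) next to a `FixedDataSigner` that binds the signature to the canonical payload, plus the attacker's move of reusing a signature with a swapped user id. The stdlib `hmac` module stands in for `django.core.signing.Signer` so the script runs without Django; the class and function names, the `salt`, the `SECRET_KEY` and the payload fields are all assumptions made for the demonstration.

```python
"""Constructed demonstration of the CVE-2019-13177 bug pattern: a signer that
HMACs a constant string instead of the payload it is supposed to protect.
Stdlib HMAC stands in for django.core.signing.Signer so this runs without Django."""
import base64
import hashlib
import hmac
import json

SECRET_KEY = "constructed-demo-secret-do-not-reuse"  # constructed for the demo only
SIGNATURE_FIELD = "signature"


def hmac_signature(value: str, salt: str, key: str = SECRET_KEY) -> str:
    """Salted HMAC-SHA256 of `value`, shaped like Django's Signer.signature()
    (key derived from salt + secret, result base64url without padding)."""
    derived = hashlib.sha256((salt + "signer" + key).encode()).digest()
    mac = hmac.new(derived, value.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode()


def canonical(data: dict) -> str:
    """Deterministic serialisation so signer and verifier hash identical bytes."""
    return json.dumps(data, sort_keys=True, separators=(",", ":"))


class VulnerableDataSigner:
    """Hypothetical signer with the bug the advisory describes: the
    security-critical signing call receives the field name, a static string,
    rather than the data, so every payload gets the same signature."""

    salt = "demo-verification"  # assumed salt

    def calculate_signature(self, data: dict) -> str:
        return hmac_signature(SIGNATURE_FIELD, self.salt)  # BUG: `data` is ignored

    def sign(self, data: dict) -> dict:
        signed = dict(data)
        signed[SIGNATURE_FIELD] = self.calculate_signature(data)
        return signed

    def verify(self, signed: dict) -> bool:
        payload = {k: v for k, v in signed.items() if k != SIGNATURE_FIELD}
        expected = self.calculate_signature(payload)
        return hmac.compare_digest(expected, str(signed.get(SIGNATURE_FIELD, "")))


class FixedDataSigner(VulnerableDataSigner):
    """Same interface, but the signature is bound to the canonical payload."""

    def calculate_signature(self, data: dict) -> str:
        return hmac_signature(canonical(data), self.salt)


def forge_for_other_user(legit_signed: dict, target_user_id: int) -> dict:
    """Attacker move: keep the signature from a link they legitimately received
    and swap in someone else's user id."""
    forged = dict(legit_signed)
    forged["user_id"] = target_user_id
    return forged


def demo() -> dict:
    """Runs the spoof against both signers; reports whether each accepted the forgery."""
    attacker_payload = {"user_id": 1337, "timestamp": 1560000000}  # constructed
    results = {}
    for name, signer in (("vulnerable", VulnerableDataSigner()),
                         ("fixed", FixedDataSigner())):
        legit = signer.sign(attacker_payload)
        forged = forge_for_other_user(legit, target_user_id=1)  # e.g. the admin account
        results[name] = {
            "legit_verifies": signer.verify(legit),
            "forgery_verifies": signer.verify(forged),
        }
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:10s} legit={outcome['legit_verifies']} "
              f"forgery={outcome['forgery_verifies']}")
```

The vulnerable signer accepts the forged payload because its `calculate_signature` never looks at `data`; the fixed signer rejects it because the signature is recomputed over the canonical payload, so changing `user_id` changes the expected value. The same check applies to any signed-URL scheme: confirm that the value passed to the signing call is the payload, not a label or field name, and add a regression test asserting that two different payloads never produce the same signature.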
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Django-Rest-Registration Project | Django-Rest-Registration | < 0.5.0 |
Related Weaknesses (CWE)
References
- https://github.com/apragacz/django-rest-registration/releases/tag/0.5.0 (Release Notes, Third Party Advisory)
- https://github.com/apragacz/django-rest-registration/security/advisories/GHSA-p3 (Exploit, Patch, Third Party Advisory)
FAQ
What is CVE-2019-13177?
CVE-2019-13177 is a vulnerability with a CVSS score of 9.8 (CRITICAL). verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote ...
How severe is CVE-2019-13177?
CVE-2019-13177 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-13177?
Yes. The issue is fixed in django-rest-registration 0.5.0; all earlier versions are affected, so upgrade to 0.5.0 or later. See the release notes and the GitHub security advisory in the references section above for details.