CVE-2019-13177
Last modified
CVE-2019-13177 is a vulnerability of currently unknown severity. verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to calling a security-critical function with an incorrect argument. EPSS estimates a 1.62% chance of exploitation in the next 30 days.
Description
verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to calling a security-critical function with an incorrect argument.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Django-Rest-Registration Project | Django-Rest-Registration | > 0.1.0, < 0.5.0 |
References
- https://github.com/apragacz/django-rest-registration/releases/tag/0.5.0 (Release Notes, Third Party Advisory)
- https://github.com/apragacz/django-rest-registration/security/advisories/GHSA-p3w6-jcg4-52xh (Exploit, Patch, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
