CyberSec.Space Logo
Back to CVE Browser

CVE-2019-13177

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1690%
EPSS Percentile34.10th
PublishedJul 2, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to calling a security-critical function with an incorrect argument.

Affected Platforms (CPE)

πŸ“¦
Django Rest Registration Project

Django Rest Registration

> 0.1.0 and < 0.5.0

References & Advisories

πŸ”— https://github.com/apragacz/django-rest-registration/releases/tag/0.5.0
πŸ”— https://github.com/apragacz/django-rest-registration/security/advisories/GHSA-p3w6-jcg4-52xh
πŸ”— https://github.com/apragacz/django-rest-registration/releases/tag/0.5.0
πŸ”— https://github.com/apragacz/django-rest-registration/security/advisories/GHSA-p3w6-jcg4-52xh

Related Vulnerabilities

CVE-2019-760910.0

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with acce...

CVE-2019-1151010.0

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated rem...

CVE-2019-623510.0

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12...

CVE-2019-186710.0

A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypa...