CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-13177

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1690%
EPSS Percentile34.10th
Published2019年7月2日
Last Modified2024年11月21日

Vulnerability Description

verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to calling a security-critical function with an incorrect argument.

Affected Platforms (CPE)

📦
Django Rest Registration Project

Django Rest Registration

> 0.1.0 and < 0.5.0

References & Advisories

🔗 https://github.com/apragacz/django-rest-registration/releases/tag/0.5.0
🔗 https://github.com/apragacz/django-rest-registration/security/advisories/GHSA-p3w6-jcg4-52xh
🔗 https://github.com/apragacz/django-rest-registration/releases/tag/0.5.0
🔗 https://github.com/apragacz/django-rest-registration/security/advisories/GHSA-p3w6-jcg4-52xh

関連する脆弱性情報

CVE-2019-002210.0

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full contro...

CVE-2019-623510.0

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12...

CVE-2019-002010.0

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full contr...

CVE-2019-1068610.0

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port ...