Safety vulnerability ID: 37266
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Latest version: 0.9.0
User registration REST API, based on django-rest-framework
verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to calling a security-critical function with an incorrect argument.
MISC: https://github.com/apragacz/django-rest-registration/releases/tag/0.5.0
MISC: https://github.com/apragacz/django-rest-registration/security/advisories/GHSA-p3w6-jcg4-52xh