Safety vulnerability ID: 37266
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Django-rest-registration 0.5.0 includes a fix for CVE-2019-13177: verification.py in django-rest-registration before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to calling a security-critical function with an incorrect argument.
Latest version: 0.9.0
User registration REST API, based on django-rest-framework
verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to calling a security-critical function with an incorrect argument.
MISC: https://github.com/apragacz/django-rest-registration/releases/tag/0.5.0
MISC: https://github.com/apragacz/django-rest-registration/security/advisories/GHSA-p3w6-jcg4-52xh
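The class of flaw described above, shown as an added example that is not code from django-rest-registration. It uses Python's standard-library `hmac` as a stand-in for the Django Signing API, with hypothetical function names and a constructed key, and contrasts a signature computed over a constant with one bound to the verification data. The last function is a regression check a project can keep in its test suite.

```python
import hashlib
import hmac
import json

# Constructed key for the example; stands in for the application's secret key.
SECRET_KEY = b"constructed-demo-key"
LABEL = "register-verification"  # hypothetical purpose label


def _mac(message: str) -> str:
    """HMAC-SHA256 over the message, hex encoded."""
    return hmac.new(SECRET_KEY, message.encode(), hashlib.sha256).hexdigest()


def canonical(data: dict) -> str:
    """Deterministic serialization so equal data always yields the same bytes."""
    return json.dumps(data, sort_keys=True, separators=(",", ":"))


def sign_static(data: dict) -> str:
    # Flawed pattern: the signing call receives a constant, not the data,
    # so every verification request ends up with the same signature.
    return _mac(LABEL)


def verify_static(data: dict, signature: str) -> bool:
    return hmac.compare_digest(sign_static(data), signature)


def sign_bound(data: dict) -> str:
    # Corrected pattern: the signature covers the verification data itself.
    return _mac(LABEL + ":" + canonical(data))


def verify_bound(data: dict, signature: str) -> bool:
    return hmac.compare_digest(sign_bound(data), signature)


def signature_is_bound_to_data(sign, verify) -> bool:
    """Regression check: a signature issued for one account must verify for
    that account and must not verify for different data."""
    issued_for = {"user_id": "1", "timestamp": "1561939200"}  # constructed
    other = {"user_id": "2", "timestamp": "1561939200"}       # constructed
    signature = sign(issued_for)
    return verify(issued_for, signature) and not verify(other, signature)
```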