Verification Process Spoofing

2019-07-0305:12:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.011

Percentile

84.7%

JSON

django-rest-registration is vulnerable to verification process spoofing. The misuse of django signing API and just relying on static string for signatures leads to easily guessable signatures used for email verification.

References

github.com/apragacz/django-rest-registration/commit/26d094fab65ea8c2694fdfb6a3ab95a7808b62d5

github.com/apragacz/django-rest-registration/releases/tag/0.5.0

github.com/apragacz/django-rest-registration/security/advisories/GHSA-p3w6-jcg4-52xh

EPSS

0.011

Percentile

84.7%

JSON

Related for VERACODE:20649