{"url":"http://public2.vulnerablecode.io/api/packages/54421?format=json","purl":"pkg:pypi/django-rest-registration@0.4.5","type":"pypi","namespace":"","name":"django-rest-registration","version":"0.4.5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.5.0","latest_non_vulnerable_version":"0.5.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203838?format=json","vulnerability_id":"VCID-88qa-svjx-aqhy","summary":"Improper Verification of Cryptographic Signature in django-rest-registration","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13177","reference_id":"","reference_type":"","scores":[{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61453","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13177"},{"reference_url":"https://github.com/apragacz/django-rest-registration/commit/26d094fab65ea8c2694fdfb6a3ab95a7808b62d5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apragacz/django-rest-registration/commit/26d094fab65ea8c2694fdfb6a3ab95a7808b62d5"},{"reference_url":"https://github.com/apragacz/django-rest-registration/releases/tag/0.5.0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apragacz/django-rest-registration/releases/tag/0.5.0"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django-rest-registration/PYSEC-2019-20.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django-rest-registration/PYSEC-2019-20.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-13177","reference_id":"CVE-2019-13177","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-13177"},{"reference_url":"https://github.com/advisories/GHSA-p3w6-jcg4-52xh","reference_id":"GHSA-p3w6-jcg4-52xh","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p3w6-jcg4-52xh"},{"reference_url":"https://github.com/apragacz/django-rest-registration/security/advisories/GHSA-p3w6-jcg4-52xh","reference_id":"GHSA-p3w6-jcg4-52xh","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/apragacz/django-rest-registration/security/advisories/GHSA-p3w6-jcg4-52xh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15420?format=json","purl":"pkg:pypi/django-rest-registration@0.5.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django-rest-registration@0.5.0"}],"aliases":["CVE-2019-13177","GHSA-p3w6-jcg4-52xh","PYSEC-2019-20"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-88qa-svjx-aqhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/217777?format=json","vulnerability_id":"VCID-m2ef-q9ka-ukd7","summary":"verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to calling a security-critical function with an incorrect argument.","references":[{"reference_url":"https://github.com/apragacz/django-rest-registration/releases/tag/0.5.0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apragacz/django-rest-registration/releases/tag/0.5.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15420?format=json","purl":"pkg:pypi/django-rest-registration@0.5.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django-rest-registration@0.5.0"}],"aliases":["PYSEC-2019-90"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m2ef-q9ka-ukd7"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django-rest-registration@0.4.5"}