CVE-2026-16207
LOW
3.7
CVSS 3.1
Description
A vulnerability was detected in django-tastypie up to 0.15.1. Impacted is the function ApiKeyAuthentication of the file tastypie/authentication.py. The manipulation results in use of get request method with sensitive query strings. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is considered difficult. The project was informed of the problem early through an issue report but has not responded yet.
Metadata
Severity & Metrics
3.7
LOW CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| n/a | django-tastypie | — | 0.15.0, 0.15.1 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-598 | cna | Use of GET Request Method With Sensitive Query Strings |
CVSS scores (4)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 6.3 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X |
| 3.7 | LOW | 3.1 | cna | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R |
| 3.7 | LOW | 3.0 | cna | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R |
| 2.6 | N/D | 2.0 | cna | AV:N/AC:H/Au:N/C:P/I:N/A:N/E:ND/RL:ND/RC:UR |
References (6)
- VDB-380023 | django-tastypie authentication.py ApiKeyAuthentication get request method with sensitive query strings https://vuldb.com/vuln/380023
- VDB-380023 | CTI Indicators (IOB, IOC, IOA) https://vuldb.com/vuln/380023/cti
- CVE-2026-16207 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-16207
- Submit #857924 | django-tastypie 0.15.1 at commit 03c4746f0a0f88628be5264bc8d4a19a0529b2f4 CWE-598 Use of GET Request Method With Sensitive Query Strings https://vuldb.com/submit/857924
- https://github.com/django-tastypie/django-tastypie/issues/1700
- https://github.com/django-tastypie/django-tastypie/