Back to overview

CVE-2026-16207

LOW
3.7
CVSS 3.1
Description
A vulnerability was detected in django-tastypie up to 0.15.1. Impacted is the function ApiKeyAuthentication of the file tastypie/authentication.py. The manipulation results in use of get request method with sensitive query strings. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is considered difficult. The project was informed of the problem early through an issue report but has not responded yet.

Metadata

CVE ID
CVE-2026-16207
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-18 08:27 UTC
Published
2026-07-19 02:30 UTC
Last updated
2026-07-19 02:30 UTC
Primary CWE
CWE-598
Use of GET Request Method With Sensitive Query Strings
Vendor / Product
n/a / django-tastypie
Sources
cve.org  ·  NVD

Severity & Metrics

3.7 LOW CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R
Affected products (1)
VendorProductPlatformVersions
n/a django-tastypie 0.15.0, 0.15.1
Weakness (CWE)
CWESourceDescription
CWE-598 cna Use of GET Request Method With Sensitive Query Strings
CVSS scores (4)
ScoreSeverityVersionSourceVector
6.3 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X
3.7 LOW 3.1 cna CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R
3.7 LOW 3.0 cna CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R
2.6 N/D 2.0 cna AV:N/AC:H/Au:N/C:P/I:N/A:N/E:ND/RL:ND/RC:UR
References (6)
Back to overview