VYPR

PyPI package

djangorestframework-simplejwt

pkg:pypi/djangorestframework-simplejwt

Vulnerabilities (1)

  • CVE-2024-22513MedMar 16, 2024
    affected < 5.5.1fixed 5.5.1

    djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method.