PyPI package
djangorestframework-simplejwt
pkg:pypi/djangorestframework-simplejwt
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-22513 | Med | 5.5 | | < 5.5.1 | 5.5.1 | Mar 16, 2024 | djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method. |