Description
djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
python-djangorestframework-simplejwt | unfixed | | | package |
Notes
https://github.com/dmdhrumilmistry/CVEs/tree/main/CVE-2024-22513
https://github.com/jazzband/djangorestframework-simplejwt/issues/805
https://github.com/jazzband/djangorestframework-simplejwt/issues/779
Questionable CVE: This is an insecure interface, not a vulnerability per se
Related vulnerabilities
Improper Privilege Management in djangorestframework-simplejwt
A vulnerability in the djangorestframework-simplejwt JSON Web Token authentication plugin for the Django web application framework that allows an attacker to disclose protected information