Описание
djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | needs-triage | |
| mantic | ignored | end of life, was needs-triage |
| noble | needs-triage | |
| oracular | ignored | end of life, was needs-triage |
| plucky | needs-triage |
Показывать по
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method.
djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method.
djangorestframework-simplejwt version 5.3.1 and before is vulnerable t ...
Improper Privilege Management in djangorestframework-simplejwt
Уязвимость плагина аутентификации веб-токенов JSON djangorestframework-simplejwt программной платформы для веб-приложений Django, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
5.5 Medium
CVSS3