Количество 2
Количество 2
CVE-2020-10594
An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of jpadilla/django-rest-framework-jwt, which is unmaintained.
GHSA-fpjm-rp2g-3r4c
Django Rest Framework jwt allows obtaining new token from notionally invalidated token
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-10594 An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of jpadilla/django-rest-framework-jwt, which is unmaintained. | CVSS3: 9.1 | 0% Низкий | почти 6 лет назад |
| GHSA-fpjm-rp2g-3r4c Django Rest Framework jwt allows obtaining new token from notionally invalidated token | CVSS3: 9.1 | 0% Низкий | больше 5 лет назад |
Уязвимостей на страницу