djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method.
CPE | Name | Operator | Version |
---|---|---|---|
djangorestframework-simplejwt | le | 5.3.1 |