GitHub Advisory DatabaseGHSA-FPJM-RP2G-3R4CDjango Rest Framework jwt allows obtaining new token from notionally invalidated token
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
52.1%
An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of jpadilla/django-rest-framework-jwt, which is unmaintained.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| jwt_project | jwt | * | cpe:2.3:a:jwt_project:jwt:*:*:*:*:*:*:*:* |
References
github.com/advisories/GHSA-fpjm-rp2g-3r4c
github.com/jpadilla/django-rest-framework-jwt/issues/484
github.com/pypa/advisory-database/tree/main/vulns/drf-jwt/PYSEC-2020-40.yaml
github.com/Styria-Digital/django-rest-framework-jwt/commit/868b5c22ddad59772b447080183e7c7101bb18e0
github.com/Styria-Digital/django-rest-framework-jwt/issues/36
nvd.nist.gov/vuln/detail/CVE-2020-10594
pypi.org/project/drf-jwt/1.15.1/#history
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
52.1%