9 matches found
Django REST Framework SimpleJWT 5.3.1 Information Disclosure
Exploit Title: djangorestframework-simplejwt 5.3.1 - Information Disclosure Date: 26/01/2024 Exploit Author: Dhrumil Mistry dmdhrumilmistry Vendor Homepage: https://github.com/jazzband/djangorestframework-simplejwt/ Software...
djangorestframework-simplejwt 5.3.1 - Information Disclosure
Exploit Title: djangorestframework-simplejwt 5.3.1 - Information Disclosure Date: 26/01/2024 Exploit Author: Dhrumil Mistry dmdhrumilmistry Vendor Homepage: https://github.com/jazzband/djangorestframework-simplejwt/ Software...
CVE-2024-22513
A flaw was found in djangorestframework-simplejwt. Affected versions of this package are vulnerable to information disclosure. This flaw allows a user to access web application resources even after their account has been disabled due to missing user validation checks via the foruser method...
CVE-2024-22513
djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the foruser method...
CVE-2024-22513
djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the foruser method...
CVE-2024-22513
djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the foruser method...
CVE-2024-22513
djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the foruser method...
CVE-2024-22513
The CVE-2024-22513 vulnerability affects djangorestframework-simplejwt up to and including 5.3.1, where information disclosure can occur because the for_user validation path is missing for inactive users. Multiple connected advisories confirm the issue and link it to inactive-user access of resou...
CVE-2024-22513
creationtimestamp| type| source ---|---|--- 2024-02-11 14:18:34+00:00| seen| https://t.me/arpsyndicate/3403 2024-03-16 08:21:54+00:00| seen| https://t.me/ctinow/209407 2024-03-16 08:26:37+00:00| seen| https://t.me/ctinow/209409 2024-03-16 19:31:52+00:00| seen| https://t.me/ctinow/209681...