
12 matches found

OPENSUSE Linux
added 2025/11/09 12:0 a.m. · 3 views

Security update for python-djangorestframework-simplejwt (moderate)

openSUSE Security Update: Security update for python-djangorestframework-simplejwt Announcement ID: openSUSE-SU-2025:0425-1 Rating: moderate References: 1221568 Cross-References: CVE-2024-22513 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now availabl...

CVSS 5.5 · AI score 6.6 · EPSS 0.00235
Exploits: 3 · References: 1
Packet Storm
added 2024/04/15 12:0 a.m. · 485 views

Django REST Framework SimpleJWT 5.3.1 Information Disclosure

Exploit Title: djangorestframework-simplejwt 5.3.1 - Information Disclosure Date: 26/01/2024 Exploit Author: Dhrumil Mistry dmdhrumilmistry Vendor Homepage: https://github.com/jazzband/djangorestframework-simplejwt/ Software...

AI score 7.4 · EPSS 0.00235
Exploits: 3
RedhatCVE
added 2024/03/16 6:23 p.m. · 30 views

CVE-2024-22513

A flaw was found in djangorestframework-simplejwt. Affected versions of this package are vulnerable to information disclosure. This flaw allows a user to access web application resources even after their account has been disabled due to missing user validation checks via the for_user method...

CVSS 5.5 · AI score 6 · EPSS 0.00235
Exploits: 3 · References: 3
vulnersOsv
added 2024/03/16 9:30 a.m. · 1 views

alcali (>=2018.3.1 <=3006.3.0), arccanet (>=0.0.1 <=0.0.7) +68 more potentially affected by CVE-2024-22513 via djangorestframework-simplejwt (>=4.3.0 <=5.5.0)

djangorestframework-simplejwt PYPI version =4.3.0, =2018.3.1, =0.0.1, =0.0.6, =0.0.8, =1.0.0, =0.0.3, =1.0.0, =0.1.7, =0.4.0, =0.0.1, =1.0.1, =1.0.0, =1.0.0, =0.2.1, =1.0.0, =1.3.8 and more Source cves: CVE-2024-22513 Source advisory: OSV:GHSA-5VCC-86WM-547Q...

CVSS 5.5 · AI score 6 · EPSS 0.00235
Exploits: 3
Github Security Blog
added 2024/03/16 9:30 a.m. · 120 views

Improper Privilege Management in djangorestframework-simplejwt

djangorestframework-simplejwt before version 5.5.1 is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method...

CVSS 5.5 · AI score 5.2 · EPSS 0.00235
Exploits: 3 · References: 11 · Affected Software: 1
OSV
added 2024/03/16 7:15 a.m. · 6 views

CVE-2024-22513

djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method...

CVSS 5.5 · AI score 5.2 · EPSS 0.00235
Exploits: 3 · References: 1
OSV
added 2024/03/16 7:15 a.m. · 0 views

UBUNTU-CVE-2024-22513

djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method...

CVSS 5.5 · AI score 6 · EPSS 0.00235
Exploits: 3 · References: 3
Cvelist
added 2024/03/16 12:0 a.m. · 17 views

CVE-2024-22513

djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method...

AI score 6.2 · EPSS 0.00235
Exploits: 3 · References: 1
Vulnrichment
added 2024/03/16 12:0 a.m. · 20 views

CVE-2024-22513

djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method...

AI score 6.7 · EPSS 0.00235
Exploits: 3 · References: 1
CVE
added 2024/03/16 12:0 a.m. · 75 views

CVE-2024-22513

The CVE-2024-22513 vulnerability affects djangorestframework-simplejwt up to and including 5.3.1, where information disclosure can occur because the for_user validation path is missing for inactive users. Multiple connected advisories confirm the issue and link it to inactive-user access of resou...

CVSS 5.5 · AI score 6 · EPSS 0.00235
Exploits: 3 · References: 1
Debian CVE
added 2024/03/16 12:0 a.m. · 20 views

CVE-2024-22513

djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method...

CVSS 5.5 · AI score 5.2 · EPSS 0.00235
Exploits: 3
Positive Technologies
added 2024/03/15 12:0 a.m. · 3 views

PT-2024-3946 · Unknown +1 · Djangorestframework-Simplejwt +1

Name of the Vulnerable Software and Affected Versions: djangorestframework-simplejwt versions 5.3.1 and before Description: The issue is related to information disclosure due to missing user validation checks via the for user method. This allows a user to access web application resources even aft...

CVSS 5.5 · AI score 6.4 · EPSS 0.00235
Exploits: 3 · References: 19