5 matches found

Veracode
added 2024/03/22 11:44 a.m., 24 views

Missing Authorization Check

djangorestframework-simplejwt is vulnerable to Missing Authorization Check. The vulnerability is due to the for_user function, which fails to check if a user is active before generation. Django's built-in user model contains the is_active field, which can be used to block a user from authenticating. I...

7.2 AI score, 0.00235 EPSS
Exploits: 3, References: 4, Affected Software: 1
SUSE CVE
added 2024/03/19 3:37 a.m., 5 views

SUSE CVE-2024-22513

djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method...

5.5 CVSS, 6.7 AI score, 0.00235 EPSS
Exploits: 3, References: 3
Github Security Blog
added 2024/03/16 9:30 a.m., 120 views

Improper Privilege Management in djangorestframework-simplejwt

djangorestframework-simplejwt before version 5.5.1 is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method...

5.5 CVSS, 5.2 AI score, 0.00235 EPSS
Exploits: 3, References: 11, Affected Software: 1
OSV
added 2024/03/16 9:30 a.m., 0 views

GHSA-5VCC-86WM-547Q Improper Privilege Management in djangorestframework-simplejwt

djangorestframework-simplejwt before version 5.5.1 is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method...

5.5 CVSS, 5.8 AI score, 0.00235 EPSS
Exploits: 3, References: 11
CNNVD
added 2024/03/16 12:0 a.m., 4 views

Simple JWT Security Vulnerability

Simple JWT is Jazzband's open-source JSON Web Token authentication plugin for Django REST Framework. Simple JWT version 5.3.1 and earlier versions have a security vulnerability; the vulnerability stems from the lack of user authentication checks through the for_user method. An attacker can explo...

5.5 CVSS, 6.8 AI score, 0.00235 EPSS
Exploits: 3, References: 6