CVE-2020-10594
CVE-2020-10594 affects drf-jwt 1.15.x before 1.15.1. The issue stems from an incompatibility between the blacklist protection mechanism and the token-refresh feature, allowing an attacker who has access to a notionally invalidated token to obtain a new, valid token via the refresh endpoint. The d...