EPSS Percentile: 52.1%
drf_jwt is vulnerable to a blacklist protection mechanism bypass. Because the blacklist protection mechanism and the token-refresh feature are not integrated, the refresh endpoint allows a user holding an invalidated (blacklisted) token to obtain a new valid token.
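To illustrate the class of bug described above, here is an added toy model of a JWT blacklist and refresh flow; it is not drf-jwt's own code, and the HS256 secret, in-memory blacklist and token layout are constructed for the example. The vulnerable refresh only checks signature and expiry, so a logged-out token still mints a fresh one; the fixed refresh consults the blacklist first.

```python
import base64, hashlib, hmac, json, time, uuid

SECRET = b"constructed-demo-secret"  # constructed sample key, not a real secret
BLACKLIST = set()                     # revoked token ids (jti), in memory for the demo

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user, ttl=300, now=None):
    """Mint an HS256-signed token with a unique jti so it can be revoked individually."""
    now = time.time() if now is None else now
    payload = {"sub": user, "jti": uuid.uuid4().hex, "iat": int(now), "exp": int(now) + ttl}
    body = _b64(json.dumps(payload, separators=(",", ":")).encode())
    sig = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    return body + "." + sig

def decode_token(token, now=None):
    """Verify signature and expiry only; raise ValueError on any failure."""
    body, sig = token.split(".")
    expected = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    payload = json.loads(_unb64(body))
    now = time.time() if now is None else now
    if payload["exp"] <= now:
        raise ValueError("expired")
    return payload

def logout(token):
    """Blacklist the token's jti; authenticate() honours this, so logout appears to work."""
    BLACKLIST.add(decode_token(token)["jti"])

def authenticate(token):
    """Protected endpoints check the blacklist, so a logged-out token is rejected here."""
    payload = decode_token(token)
    if payload["jti"] in BLACKLIST:
        raise ValueError("revoked")
    return payload["sub"]

def refresh_vulnerable(token):
    """The bug: only signature/expiry are checked, so a revoked token yields a new valid one."""
    return issue_token(decode_token(token)["sub"])

def refresh_fixed(token):
    """The fix: reject blacklisted tokens before issuing a replacement."""
    payload = decode_token(token)
    if payload["jti"] in BLACKLIST:
        raise ValueError("revoked")
    return issue_token(payload["sub"])
```

Detection-wise, the same gap shows up in logs as a successful refresh for a jti that was already written to the blacklist table.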
github.com/advisories/GHSA-fpjm-rp2g-3r4c
github.com/jpadilla/django-rest-framework-jwt/issues/484
github.com/Styria-Digital/django-rest-framework-jwt/commit/868b5c22ddad59772b447080183e7c7101bb18e0
github.com/Styria-Digital/django-rest-framework-jwt/issues/36
pypi.org/project/drf-jwt/1.15.1/#history