Workflow

PyPi: Djangorestframework-Simplejwt

CVE-2024-22513

Safety vulnerability ID: 66963

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 16, 2024 Updated at Nov 29, 2024
Scan your Python projects for vulnerabilities →

Advisory

Affected versions of Djangorestframework-simplejwt are vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method.

Affected package

djangorestframework-simplejwt

Latest version: 5.3.1

A minimal JSON Web Token authentication plugin for Django REST Framework

Affected versions

Fixed versions

Vulnerability changelog

djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method. See CVE-2024-22513.


MISC:https://github.com/dmdhrumilmistry/CVEs/tree/main/CVE-2024-22513: https://github.com/dmdhrumilmistry/CVEs/tree/main/CVE-2024-22513

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application