CVE-2024-22513

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-22513
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-22513.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-22513
Aliases
Related
Published
2024-03-16T07:15:06Z
Modified
2024-11-16T21:49:27.965559Z
Summary
[none]
Details

djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method.

References

Affected packages

Debian:12 / python-djangorestframework-simplejwt

Package

Name
python-djangorestframework-simplejwt
Purl
pkg:deb/debian/python-djangorestframework-simplejwt?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.2.2-1
5.3.0-1
5.3.1-1
5.3.1-2

Ecosystem specific 

{
    "urgency": "unimportant"
}

Debian:13 / python-djangorestframework-simplejwt

Package

Name
python-djangorestframework-simplejwt
Purl
pkg:deb/debian/python-djangorestframework-simplejwt?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.2.2-1
5.3.0-1
5.3.1-1
5.3.1-2

Ecosystem specific 

{
    "urgency": "unimportant"
}