djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method.

package_name: djangorestframework-simplejwt
Suggested fix: Upgrade to version 5.3.2 or later.
source: dependabot-alert

This issue have been completed via #30.

LGTM 👍🏼