dependabot: improper privilege management in djangorestframework-simplejwt
50-Course opened this issue · comments
djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method.
package_name: djangorestframework-simplejwt
Suggested fix: Upgrade to version 5.3.2 or later.
source: dependabot-alert