djoser@0.4.2 vulnerabilities

REST implementation of the Django authentication system.

Direct Vulnerabilities

Known vulnerabilities in the djoser package. This does not include vulnerabilities belonging to this package’s dependencies.

Access Restriction Bypass (severity: Medium)

djoser is a REST implementation of the Django authentication system.

Affected versions of this package are vulnerable to Access Restriction Bypass via the UserViewSet, which allowed new accounts to be created through the wrong endpoint.

How to fix Access Restriction Bypass?

Upgrade djoser to version 1.5.1 or higher.

Vulnerable versions: [,1.5.1)

Authentication Bypass (severity: High)

djoser is a REST implementation of the Django authentication system.

Affected versions of this package are vulnerable to Authentication Bypass. A malicious user could update other users' information using their own user token, due to a missing permission check.

How to fix Authentication Bypass?

Upgrade djoser to version 1.3.2 or higher.

Vulnerable versions: [,1.3.2)