drf-jwt@1.15.0 vulnerabilities

JSON Web Token based authentication for Django REST framework

  • latest version

    1.19.2

  • latest non-vulnerable version

  • first published

    6 years ago

  • latest version published

    3 years ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the drf-jwt package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • Severity: Medium (M)
    Authentication Bypass

    drf-jwt is a JSON Web Token Authentication support package for Django REST Framework. NOTE: drf-jwt is a fork of jpadilla/django-rest-framework-jwt, which is unmaintained.

    Affected versions of this package are vulnerable to Authentication Bypass. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature.

    How to fix Authentication Bypass?

    Upgrade drf-jwt to version 1.15.1 or higher.
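The following is an added illustration of the failure mode the advisory describes, written from a defender's perspective; it is not drf-jwt's code and does not reproduce its internals. All names (`Blacklist`, `refresh_vulnerable`, `refresh_fixed`, the HMAC token format, the demo secret) are constructed for this example. The point it shows: a refresh endpoint that only verifies signature and expiry, but never consults the blacklist, will happily mint a fresh token from a revoked one; the corrected refresh checks the blacklist first and blacklists the token it is rotating.

```python
"""Token blacklist vs. refresh endpoint: vulnerable and corrected refresh logic.

Added example, not drf-jwt's implementation. Token format, names and the
secret below are constructed for the demonstration only.
"""
import base64
import hashlib
import hmac
import json
import uuid

SECRET = b"demo-secret-not-for-production"  # constructed demo key


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(user: str, now: float, ttl: int = 300, orig_iat=None) -> str:
    """Mint an HMAC-signed token with a unique id (jti) so it can be revoked."""
    payload = {
        "sub": user,
        "jti": uuid.uuid4().hex,
        "iat": int(now),
        "exp": int(now) + ttl,
        "orig_iat": int(now if orig_iat is None else orig_iat),
    }
    body = _b64(json.dumps(payload, sort_keys=True).encode())
    sig = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def decode_token(token: str, now: float) -> dict:
    """Verify signature and expiry only; says nothing about revocation."""
    body, sig = token.split(".")
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    payload = json.loads(_unb64(body))
    if payload["exp"] <= now:
        raise ValueError("expired")
    return payload


class Blacklist:
    """Revocation store keyed by token id (jti)."""

    def __init__(self):
        self._jtis = set()

    def add(self, payload: dict) -> None:
        self._jtis.add(payload["jti"])

    def contains(self, payload: dict) -> bool:
        return payload["jti"] in self._jtis


def authenticate(token: str, blacklist: Blacklist, now: float) -> str:
    """Normal request path: a revoked token must be rejected here."""
    payload = decode_token(token, now)
    if blacklist.contains(payload):
        raise PermissionError("token revoked")
    return payload["sub"]


def refresh_vulnerable(token: str, blacklist: Blacklist, now: float) -> str:
    """The failure mode: refresh trusts signature/expiry and never asks the
    blacklist, so a revoked token yields a brand-new, non-revoked token."""
    payload = decode_token(token, now)
    return issue_token(payload["sub"], now, orig_iat=payload["orig_iat"])


def refresh_fixed(token: str, blacklist: Blacklist, now: float) -> str:
    """Corrected refresh: consult the blacklist, then retire the old token
    so refresh is a rotation rather than a way to multiply valid tokens."""
    payload = decode_token(token, now)
    if blacklist.contains(payload):
        raise PermissionError("token revoked")
    blacklist.add(payload)
    return issue_token(payload["sub"], now, orig_iat=payload["orig_iat"])


def demo(now: float = 1000.0) -> dict:
    """Run both refresh paths against a revoked token and report the outcome."""
    bl = Blacklist()
    revoked = issue_token("alice", now)
    bl.add(decode_token(revoked, now))  # user logged out / token revoked

    try:
        authenticate(revoked, bl, now)
        rejected = False
    except PermissionError:
        rejected = True

    fresh = refresh_vulnerable(revoked, bl, now)
    bypass = authenticate(fresh, bl, now) == "alice"  # revoked -> working token

    try:
        refresh_fixed(revoked, bl, now)
        blocked = False
    except PermissionError:
        blocked = True

    return {"revoked_rejected": rejected, "vulnerable_refresh_bypasses": bypass,
            "fixed_refresh_blocks": blocked}


if __name__ == "__main__":
    print(demo())
```

The detection angle for a deployment that cannot upgrade immediately is the same check: any refresh request whose presented token id is already in the revocation store should be logged and refused, and successful refreshes should retire the token they were issued from.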

    Vulnerable version range: [1.15.0,1.15.1)