Authentication Bypass Affecting djoser package, versions [,1.3.2)


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-PYTHON-DJOSER-72874
  • published2 Jan 2019
  • disclosed12 Sept 2018
  • creditponyjack

Introduced: 12 Sep 2018

CVE NOT AVAILABLE CWE-288  (opens in a new tab)

How to fix?

Upgrade djoser to version 1.3.2 or higher.

Overview

djoser is a REST implementation of Django authentication system.

Affected versions of this package are vulnerable to Authentication Bypass. A malicious user could update other user info with user token due to a lack of permission check.

CVSS Scores

version 3.1