PT-2024-3946 · Unknown+1 · Djangorestframework-Simplejwt+1

Published 2024-03-15 · Updated 2025-11-03 · CVE-2024-22513

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

djangorestframework-simplejwt versions 5.3.1 and earlier

Description

The issue is an information disclosure caused by missing user validation checks in the for_user method. This allows a user to access web application resources even after their account has been disabled. The vulnerability is associated with a lack of protection for sensitive data.

Recommendations

For versions 5.3.1 and earlier, consider adding user validation checks to the for_user method to prevent unauthorized access to web application resources. As a temporary workaround, restrict access to resources that can be accessed via the for_user method until a patch is available.

Exploit

Fix

Improper Privilege Management

Information Disclosure

Missing Authentication

Weakness Enumeration

Related Identifiers

BDU:2024-04357
CVE-2024-22513
GHSA-5VCC-86WM-547Q
OPENSUSE-SU-2025:15699-1

Affected Products

Debian
Djangorestframework-Simplejwt