Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of jpadilla/django-rest-framework-jwt, which is unmaintained.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
drf-jwt 授权问题漏洞
Vulnerability Description
drf-jwt是一款Django REST Framework的JSON Web令牌认证支持软件包。 drf-jwt 1.15.1之前的1.15.x版本中存在安全漏洞,该漏洞源于黑名单保护机制与令牌刷新功能不兼容。攻击者可利用该漏洞获取新的有效令牌。
CVSS Information
N/A
Vulnerability Type
N/A