Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
django-rest-framework django rest framework vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-22513
djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method.
6.1
CVSSv3
CVE-2018-25045
Django REST framework (aka django-rest-framework) prior to 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping.
Django-rest-framework Django Rest Framework
6.1
CVSSv3
CVE-2020-25626
A flaw was found in Django REST Framework versions prior to 3.12.0 and prior to 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject m...
Encode Django Rest Framework
Redhat Ceph Storage 2.0
Debian Debian Linux 11.0
9.1
CVSSv3
CVE-2020-10594
An issue exists in drf-jwt 1.15.x prior to 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt i...
Styria Django-rest-framework-json Web Tokens
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started