djangorestframework_simplejwt is vulnerable to a Missing Authorization Check. The vulnerability is in the for_user() function, which fails to check whether a user is active before generating a token. Django's built-in user model contains the is_active field, which can be used to block a user from authenticating. If an application relies on the is_active field to block access, a user can still generate a valid JWT even when their user record has is_active set to false, resulting in authentication…
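An added example, not code from the advisory or from the simplejwt project: a stdlib-only model of the behaviour described above, with a guarded issuance helper and a re-check of is_active when the token is used. The `for_user` here is a stand-in, not the library's implementation; `User`, `issue_token`, `authenticate`, `InactiveUser` and the signing key are hypothetical names and constructed values.

```python
import base64, hashlib, hmac, json, time
from dataclasses import dataclass

SECRET = b"constructed-demo-key"  # constructed value, not a real signing key

class InactiveUser(Exception):
    """Raised when a token is requested for, or presented by, a disabled account."""

@dataclass
class User:  # hypothetical stand-in for Django's user model (only the fields used here)
    id: int
    is_active: bool = True

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def for_user(user: User) -> str:
    """Stand-in modelling the described behaviour: mints a token without checking is_active."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"user_id": user.id, "exp": int(time.time()) + 300}).encode())
    return f"{header}.{payload}.{_sign(header + '.' + payload)}"

def issue_token(user: User) -> str:
    """Guarded issuance: refuse disabled accounts before any token is minted."""
    if not user.is_active:
        raise InactiveUser(f"user {user.id} is disabled")
    return for_user(user)

def authenticate(token: str, users: dict) -> User:
    """Verify signature and expiry, then re-check is_active at use time, so a token
    minted by an unguarded path or before deactivation is still rejected."""
    header, payload, sig = token.split(".")
    if not hmac.compare_digest(_sign(header + "." + payload), sig):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    if claims["exp"] < time.time():
        raise ValueError("expired")
    user = users.get(claims["user_id"])
    if user is None or not user.is_active:
        raise InactiveUser("unknown or disabled user")
    return user
```
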