Security Advisories - ezsystems/ezplatform-rest - Packagist

ezsystems/ezplatform-rest Security Advisories for v1.3.0-rc2 (2)

[HIGH] User can obtain JWT token even if account is disabled

PKSA-kvbv-3c4f-djwp GHSA-36mj-6r7r-mqhf

Affected version: >=1.3.0,<1.3.8

Reported by:
GitHub
[HIGH] /user/sessions endpoint allows detecting valid accounts

PKSA-7wh2-f7yz-bpp1 GHSA-7vwg-39h8-8qp8

Affected version: >=1.3.0,<=1.3.1.0|>=1.2.0,<=1.2.2.0

Reported by:
GitHub