Security Advisories - ezsystems/ezplatform-rest - Packagist

ezsystems/ezplatform-rest Security Advisories for v1.3.0-beta1 (2)

User can obtain JWT token even if account is disabled

Affected version: >=1.3.0,<1.3.8

Reported by:
GitHub
/user/sessions endpoint allows detecting valid accounts

Affected version: >=1.3.0,<=1.3.1.0|>=1.2.0,<=1.2.2.0

Reported by:
GitHub