[HIGH] User can obtain JWT token even if account is disabled

PKSA-kvbv-3c4f-djwp GHSA-36mj-6r7r-mqhf

Affected package: ezsystems/ezplatform-rest

Affected version: >=1.3.0,<1.3.8

Reported by:
GitHub