GHSA-9r5x-fjv3-q6h4 – github.com/nats-io/nats-server/v2

Package

Manager: go
Name: github.com/nats-io/nats-server/v2
Vulnerable Version: <0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Duplicate Advisory: Incorrect Access Control in github.com/nats-io/jwt and github.com/nats-io/nats-server/v2 ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-62mh-w5cv-p88c (for github.com/nats-io/jwt) and GHSA-j756-f273-xhp4 (for github.com/nats-io/nats-server). This link is maintained to preserve external references. ## Original Description NATS Server (github.com/nats-io/nats-server/v2/server) 2.x before 2.2.0 and JWT library (github.com/nats-io/jwt/v2) before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.

Metadata

Created: 2022-02-15T01:57:18Z
Modified: 2024-05-21T14:35:21Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-9r5x-fjv3-q6h4/GHSA-9r5x-fjv3-q6h4.json
CWE IDs: ["CWE-284", "CWE-863"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0