High severityNVD Advisory· Published Sep 30, 2020· Updated Aug 4, 2024
CVE-2020-26149
CVE-2020-26149
Description
NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
natsnpm | >= 2.0.0-201, < 2.0.0-209 | 2.0.0-209 |
nats.wsnpm | >= 1.0.0-85, < 1.0.0-111 | 1.0.0-111 |
Affected products
3- NATS/nats.jsdescription
- ghsa-coords2 versions
>= 2.0.0-201, < 2.0.0-209+ 1 more
- (no CPE)range: >= 2.0.0-201, < 2.0.0-209
- (no CPE)range: >= 1.0.0-85, < 1.0.0-111
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-82rf-q3pr-4f6pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-26149ghsaADVISORY
- www.openwall.com/lists/oss-security/2020/09/30/3ghsax_refsource_CONFIRMWEB
- github.com/nats-io/nats.deno/compare/v1.0.0-8...v1.0.0-9ghsax_refsource_MISCWEB
- github.com/nats-io/nats.ws/commit/0a37ac2a411ff63f0707cda69a268c5fc4079eb7ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.