VYPR
High severity7.5OSV Advisory· Published Mar 7, 2021· Updated Jun 17, 2026

CVE-2020-28466

CVE-2020-28466

Description

This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightened risk. Any remote execution flaw or equivalent seriousness, or denial-of-service by unauthenticated users, will lead to prompt releases by the NATS maintainers. Fixes for denial of service issues with no threat of remote execution, when limited to account holders, are likely to just be committed to the main development branch with no special attention. Those who are running such services are encouraged to build regularly from git.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/nats-io/nats-serverGo
< 2.2.02.2.0
github.com/nats-io/nats-server/v2Go
< 2.2.02.2.0

Affected products

8

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.