Critical severityNVD Advisory· Published Mar 16, 2021· Updated Aug 3, 2024
CVE-2021-3127
CVE-2021-3127
Description
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/nats-io/jwtGo | <= 1.2.2 | — |
github.com/nats-io/jwt/v2Go | < 2.0.1 | 2.0.1 |
Affected products
8- NATS/NATS Serverdescription
- osv-coords7 versionspkg:apk/chainguard/nats-serverpkg:apk/chainguard/nats-server-compatpkg:apk/wolfi/nats-serverpkg:apk/wolfi/nats-server-compatpkg:bitnami/natspkg:golang/github.com/nats-io/jwtpkg:golang/github.com/nats-io/jwt/v2
< 0+ 6 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: >= 2.0.0, < 2.2.0
- (no CPE)range: <= 1.2.2
- (no CPE)range: < 2.0.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-62mh-w5cv-p88cghsaADVISORY
- advisories.nats.io/CVE/CVE-2021-3127.txtghsax_refsource_MISCWEB
- github.com/nats-io/jwt/commit/6c72fdd73e82fa9ebb151d84773baf4e9164c4abghsaWEB
- github.com/nats-io/jwt/pull/149ghsaWEB
- github.com/nats-io/jwt/security/advisories/GHSA-62mh-w5cv-p88cghsaWEB
- github.com/nats-io/nats-server/security/advisories/GHSA-j756-f273-xhp4ghsaWEB
News mentions
0No linked articles in our index yet.