Go modules package
github.com/nats-io/jwt
pkg:golang/github.com/nats-io/jwt
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3127 | — | <= 1.2.2 | — | Mar 16, 2021 | NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled. | ||
| CVE-2020-26892 | — | < 1.1.0 | 1.1.0 | Nov 6, 2020 | The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled. | ||
| CVE-2020-26521 | — | < 1.1.0 | 1.1.0 | Nov 6, 2020 | The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code). |
- CVE-2021-3127Mar 16, 2021affected <= 1.2.2
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.
- CVE-2020-26892Nov 6, 2020affected < 1.1.0fixed 1.1.0
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.
- CVE-2020-26521Nov 6, 2020affected < 1.1.0fixed 1.1.0
The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).