Go modules package
github.com/nats-io/nats-server/v2
pkg:golang/github.com/nats-io/nats-server/v2
Vulnerabilities (23)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-24450 | — | | | >= 2.0.0, < 2.7.2 | 2.7.2 | Feb 8, 2022 | NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature. |
| CVE-2020-28466 | — | | | < 2.2.0 | 2.2.0 | Mar 7, 2021 | This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users pre |
| CVE-2019-13126 | — | | | < 2.2.0 | 2.2.0 | Jul 29, 2019 | An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authenticated. |
Page 2 of 2