зеркало из https://github.com/golang/vulndb.git
30 строки
827 B
YAML
30 строки
827 B
YAML
id: GO-2022-0402
|
|
modules:
|
|
- module: github.com/nats-io/jwt
|
|
versions:
|
|
- fixed: 1.1.0
|
|
vulnerable_at: 1.0.1
|
|
packages:
|
|
- package: github.com/nats-io/jwt
|
|
symbols:
|
|
- Export.Validate
|
|
- Import.Validate
|
|
- Imports.Validate
|
|
derived_symbols:
|
|
- Account.Validate
|
|
- AccountClaims.Validate
|
|
- Exports.Validate
|
|
summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
|
|
description: |
|
|
A malicious account can create and sign a User JWT which causes a panic
|
|
when decoded by the NATS JWT library.
|
|
published: 2022-07-01T20:10:43Z
|
|
cves:
|
|
- CVE-2020-26521
|
|
ghsas:
|
|
- GHSA-h2fg-54x9-5qhq
|
|
- GHSA-hmm9-r2m2-qg9w
|
|
references:
|
|
- fix: https://github.com/nats-io/jwt/pull/107
|
|
- web: https://advisories.nats.io/CVE/CVE-2020-26521.txt
|