Vulnerability Report: GO-2022-0402
- CVE-2020-26521, GHSA-h2fg-54x9-5qhq, and 1 more
- Affects: github.com/nats-io/jwt
- Published: Jul 01, 2022
- Modified: May 20, 2024
A malicious account can create and sign a User JWT which causes a panic when decoded by the NATS JWT library.
Affected Packages
-
PathVersionsSymbols
-
before v1.1.0
Aliases
References
- https://github.com/nats-io/jwt/pull/107
- https://advisories.nats.io/CVE/CVE-2020-26521.txt
- https://vuln.go.dev/ID/GO-2022-0402.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.