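# Vulnerability report: audience (aud) claim verification bypass in
# MapClaims.VerifyAudience, tracked as CVE-2020-26160.
# The table-pipe wrapping around each line was dropped so the record parses
# as TOML; keys and values are unchanged.
module = "github.com/dgrijalva/jwt-go"

# Per the text below, both conditions must hold: the token carries `aud` as an
# array of strings, and the caller passes req = false. When triaging, look for
# call sites that pass false and for issuers that emit array-valued audiences.
description = """
If a JWT contains an audience claim with an array of strings, rather
than a single string, and `MapClaims.VerifyAudience` is called with
`req` set to `false` then audience verification will be bypassed,
allowing an invalid set of audiences to be provided.
"""

cve = "CVE-2020-26160"

credit = "@christopher-wong"

# Affected symbol. NOTE(review): presumably consumers use this to limit
# findings to code that reaches the symbol; confirm against the schema.
symbols = ["MapClaims.VerifyAudience"]

# Only `introduced` is given for this module path and no `fixed` version is
# listed, so this record marks no release of this path as remediated.
# Upgrading within this import path does not clear the finding.
[[versions]]
introduced = "v0.0.0-20150717181359-44718f8a89b0"

# The same symbol under the /v4 module path. No `introduced` bound is given
# here. NOTE(review): presumably every earlier /v4 version is affected; confirm.
[[additional_packages]]
module = "github.com/dgrijalva/jwt-go/v4"
symbols = ["MapClaims.VerifyAudience"]

# The only fix recorded is a preview tag of the /v4 path, so check whether a
# pre-release dependency is acceptable before relying on it as remediation.
[[additional_packages.versions]]
fixed = "v4.0.0-preview1"

# NOTE(review): `commit` is presumably the fixing change and `context` the
# upstream report; confirm before citing either in an advisory.
[links]
commit = "https://github.com/dgrijalva/jwt-go/commit/ec0a89a131e3e8567adcb21254a5cd20a70ea4ab"
context = ["https://github.com/dgrijalva/jwt-go/issues/422"]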