| - module: github.com/nats-io/jwt |
| - package: github.com/nats-io/jwt |
| - AccountClaims.IsRevoked |
| summary: Incorrect handling of credential expiry in github.com/nats-io/jwt |
| The AccountClaims.IsRevoked and Export.IsRevoked functions improperly validate |
| expired credentials using the current system time rather than the issue time of |
| These functions cannot be used properly. Newer versions of the jwt package |
| provide an IsClaimRevoked method which performs correct validation. In these |
| versions, the IsRevoked method always return true. |
| published: 2022-07-15T23:29:36Z |
| - advisory: https://advisories.nats.io/CVE/CVE-2020-26892.txt |
| - fix: https://github.com/nats-io/jwt/commit/e11ce317263cef69619fc1ca743b195d02aa1d8a |