blob: 90100665b988a4326a059b685656d039ba0daf0d [file] [log] [blame]
module = "github.com/dgrijalva/jwt-go"
description = """
If a JWT contains an audience claim with an array of strings, rather
than a single string, and `MapClaims.VerifyAudience` is called with
`req` set to `false` then audience verification will be bypassed,
allowing an invalid set of audiences to be provided.
"""
cve = "CVE-2020-26160"
credit = "@christopher-wong"
symbols = ["MapClaims.VerifyAudience"]
[[versions]]
introduced = "v0.0.0-20150717181359-44718f8a89b0"
[[additional_packages]]
module = "github.com/dgrijalva/jwt-go/v4"
symbols = ["MapClaims.VerifyAudience"]
[[additional_packages.versions]]
fixed = "v4.0.0-preview1"
[links]
commit = "https://github.com/dgrijalva/jwt-go/commit/ec0a89a131e3e8567adcb21254a5cd20a70ea4ab"
context = ["https://github.com/dgrijalva/jwt-go/issues/422"]