id: GO-2022-0402
modules:
    - module: github.com/nats-io/jwt
      versions:
        - fixed: 1.1.0
      vulnerable_at: 1.0.1
      packages:
        - package: github.com/nats-io/jwt
          symbols:
            - Export.Validate
            - Import.Validate
            - Imports.Validate
          derived_symbols:
            - Account.Validate
            - AccountClaims.Validate
            - Exports.Validate
summary: Panic in NATS JWT decoding in github.com/nats-io/jwt
description: |-
    A malicious account can create and sign a User JWT which causes a panic when
    decoded by the NATS JWT library.
published: 2022-07-01T20:10:43Z
cves:
    - CVE-2020-26521
ghsas:
    - GHSA-h2fg-54x9-5qhq
    - GHSA-hmm9-r2m2-qg9w
references:
    - fix: https://github.com/nats-io/jwt/pull/107
    - web: https://advisories.nats.io/CVE/CVE-2020-26521.txt