Description
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| golang-github-nats-io-jwt | fixed | 2.2.0-1 | | package |
| golang-github-nats-io-jwt | postponed | | buster | package |
| nats-server | not-affected | | | package |
Notes
https://advisories.nats.io/CVE/CVE-2021-3127.txt
https://github.com/nats-io/jwt/security/advisories/GHSA-62mh-w5cv-p88c
https://github.com/nats-io/jwt/pull/149
Related vulnerabilities
CVSS3: 7.5
ubuntu
almost 5 years ago
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.
CVSS3: 7.5
nvd
almost 5 years ago
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.
github
almost 4 years ago
nats-io/jwt not enforcing checking of Import token permissions