github.com/nats-io/jwt
Go3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/nats-io/jwtpage 1 of 1
- CVE-2020-26521HIGHCVSS 7.5EG 7.5✓ Fixed in 1.1.02020-11-06
The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).
- CVE-2020-26892CRITICALCVSS 9.8EG 9.8✓ Fixed in 1.1.02020-11-06
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.
- CVE-2021-3127HIGHCVSS 7.5EG 7.5✓ Fixed in 1.2.3-0.20210314221642-a826c77dc9d22021-03-16
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.
Check whether github.com/nats-io/jwt is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/nats-io/jwt CVEs against the assets you own.
Start Free Scan →