Package impact
Go / github.com/nats-io/jwt
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-3127 | unknown | — | — | 4y ago | NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled. | |||
| CVE-2020-26521 | unknown | — | — | 4y ago | The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code). | |||
| CVE-2020-26892 | unknown | — | — | 5y ago | The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled. |