Duplicate Advisory: Incorrect Access Control in github.com/nats-io/jwt and github.com/nats-io/nats-server/v2
High severity
GitHub Reviewed
Published
Feb 15, 2022
to the GitHub Advisory Database
•
Updated May 21, 2024
Withdrawn
This advisory was withdrawn on May 21, 2024
Description
Published by the National Vulnerability Database
Mar 16, 2021
Reviewed
May 12, 2021
Published to the GitHub Advisory Database
Feb 15, 2022
Withdrawn
May 21, 2024
Last updated
May 21, 2024
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-62mh-w5cv-p88c (for github.com/nats-io/jwt) and GHSA-j756-f273-xhp4 (for github.com/nats-io/nats-server). This link is maintained to preserve external references.
Original Description
NATS Server (github.com/nats-io/nats-server/v2/server) 2.x before 2.2.0 and JWT library (github.com/nats-io/jwt/v2) before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.
References