GHSA-9r5x-fjv3-q6h4: Duplicate Advisory: Incorrect Access Control in github.com/nats-io/jwt and github.com/nats-io/nats-server/v2
(updated )
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-62mh-w5cv-p88c (for github.com/nats-io/jwt) and GHSA-j756-f273-xhp4 (for github.com/nats-io/nats-server). This link is maintained to preserve external references.
Original Description
NATS Server (github.com/nats-io/nats-server/v2/server) 2.x before 2.2.0 and JWT library (github.com/nats-io/jwt/v2) before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.
References
- advisories.nats.io/CVE/CVE-2021-3127.txt
- github.com/advisories/GHSA-9r5x-fjv3-q6h4
- github.com/nats-io/jwt
- github.com/nats-io/jwt/pull/149
- github.com/nats-io/jwt/pull/149/commits/a826c77dc9d2671c961b75ceefdb439c41029866
- github.com/nats-io/nats-server/commit/423b79440c80c863de9f4e20548504e6c5d5e403
- nvd.nist.gov/vuln/detail/CVE-2021-3127
Detect and mitigate GHSA-9r5x-fjv3-q6h4 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →