2 matches found
GO-2026-4703 Centrifugo's InsecureSkipTokenSignatureVerify flag silently disables JWT verification with no warning in github.com/centrifugal/centrifugo
Centrifugo's InsecureSkipTokenSignatureVerify flag silently disables JWT verification with no warning in github.com/centrifugal/centrifugo...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...