16 matches found
BIT-NATS-2021-3127
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled...
SUSE CVE-2016-5127
Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascadin...
GO-2022-0386 Import token permissions checking not enforced in github.com/nats-io/jwt
Import tokens valid for one account may be used for any other account. Validation of Import token bindings incorrectly warns on mismatches, rather than rejecting the token. This permits a token for one account to be used for any other account...
GHSA-9R5X-FJV3-Q6H4 Duplicate Advisory: Incorrect Access Control in github.com/nats-io/jwt and github.com/nats-io/nats-server/v2
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-62mh-w5cv-p88c for github.com/nats-io/jwt and GHSA-j756-f273-xhp4 for github.com/nats-io/nats-server. This link is maintained to preserve external references. Original Description: NATS Server...
Duplicate Advisory: Incorrect Access Control in github.com/nats-io/jwt and github.com/nats-io/nats-server/v2
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-62mh-w5cv-p88c for github.com/nats-io/jwt and GHSA-j756-f273-xhp4 for github.com/nats-io/nats-server. This link is maintained to preserve external references. Original Description: NATS Server...
GHSA-J756-F273-XHP4 github.com/nats-io/nats-server Import token permissions checking not enforced
This advisory is canonically Problem Description The NATS server provides for Subjects which are namespaced by Account; all Subjects are supposed to be private to an account, with an Export/Import system used to grant cross-account access to some Subjects. Some Exports are public, such that anyon...
CVE-2021-3127
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled...
DEBIAN-CVE-2021-3127
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled...
CVE-2021-3127
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled...
CVE-2021-3127
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled...
UBUNTU-CVE-2021-3127
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled...
CVE-2021-3127
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled...
CVE-2021-3127
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled...
CVE-2021-3127
The CVE concerns NATS Server 2.x (pre-2.2.0) and the JWT library (pre-2.0.1) where Import Token bindings were mishandled, causing Incorrect Access Control. The root cause is improper validation of Import Token bindings, allowing cross-account access to imported subjects. Affected versions include...
CVE-2021-3127
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled...
PT-2021-19229 · Unknown · Jwt Library +1
Name of the Vulnerable Software and Affected Versions: NATS Server versions 2.0.0 through 2.1.9; JWT library versions prior to 2.0.1. Description: The issue is related to Incorrect Access Control in the NATS server and JWT library. The validation of Import token bindings incorrectly warns on...