17 matches found
EUVD-2022-1028
Malicious code in bioql PyPI...
GO-2023-2066 NATS nats-server allows directory traversal via unintended path to a management action in github.com/nats-io/nats-server
NATS nats-server allows directory traversal via unintended path to a management action in github.com/nats-io/nats-server...
Fedora 40 : golang-github-nats-io / golang-github-protobuf / nats-server (2023-5f904f4dd4)
The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-5f904f4dd4 advisory. Contains updates to address CVE-2022-28357,41717 Tenable has extracted the preceding description block directly from the Fedora security advisory...
CVE-2023-47090
NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is...
CVE-2023-47090
NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is...
MGASA-2022-0225 Updated nats-server packages fix security vulnerability
NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature. CVE-2022-24450...
Incorrect handling of credential expiry by /nats-io/nats-server
Problem Description NATS nats-server through 2020-10-07 has Incorrect Access Control because of how expired credentials are handled. The NATS accounts system has expiration timestamps on credentials; the library had an API which encouraged misuse and an IsRevoked method which misused its own API....
CVE-2020-26521
The JWT library in NATS nats-server before 2.1.9 allows a denial of service a nil dereference in Go code...
CVE-2020-26892
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled...
CVE-2020-26892
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled...
CVE-2020-26521
The JWT library in NATS nats-server before 2.1.9 allows a denial of service a nil dereference in Go code...
Code injection
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled...
Code injection
The JWT library in NATS nats-server before 2.1.9 allows a denial of service a nil dereference in Go code...
CVE-2020-26892
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled...
CVE-2020-26892
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled...
CVE-2020-26892
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled...
CVE-2020-26521
The JWT library in NATS nats-server before 2.1.9 allows a denial of service a nil dereference in Go code...