Lucene search
K

8 matches found

OSV
OSV
added 2024/08/21 3:29 p.m.16 views

GO-2022-0852 Integer Overflow or Wraparound in NATS Server in github.com/nats-io/nats-server

Integer Overflow or Wraparound in NATS Server in github.com/nats-io/nats-server...

7.5CVSS7.5AI score0.01739EPSS
Exploits0References7
OSV
OSV
added 2024/08/21 2:30 p.m.8 views

GO-2022-0398 Import loops in account imports, nats-server DoS in github.com/nats-io/nats-server

Import loops in account imports, nats-server DoS in github.com/nats-io/nats-server...

7.1AI score
Exploits0References1
Veracode
Veracode
added 2024/05/15 8:58 a.m.14 views

Improper TLS Ciphers Configuration

github.com/nats-io/nats-server/ is vulnerable to Improper TLS Ciphers Configuration. The vulnerability is due to the loss of restricted ciphersuite settings when using CLI options to set a key/cert for TLS, enabling all ciphersuites supported by Go by default...

7AI score0.00348EPSS
Exploits0
Veracode
Veracode
added 2023/10/23 3:28 a.m.13 views

Authentication Bypass

github.com/nats-io/nats-server is vulnerable to Authentication Bypass. The vulnerability occurs when the only account added is the system account $SYS. In this scenario, the nats-server creates an implicit user in $G and designates it as the noauthuser account. This effectively enables the same...

6.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/02/15 1:57 a.m.28 views

Denial of service in github.com/nats-io/nats-server/server

This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers - Running a NATS service which is exposed to untrusted users presents a heighten...

7.5CVSS7.4AI score0.03658EPSS
Exploits0References8Affected Software2
Veracode
Veracode
added 2021/03/08 2:48 a.m.17 views

Denial Of Service (DoS)

github.com/nats-io/nats-server is vulnerable to denial of service DoS. Using configs that represent a service export/import cycles, an unauthenticated user is able to crash the server if running NATS services are exposed to untrusted users...

7.5CVSS3.7AI score0.03658EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2021/03/07 10:15 a.m.44 views

CVE-2020-28466

This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightene...

7.5CVSS0.03658EPSS
Exploits0References4
Veracode
Veracode
added 2019/07/30 6:33 a.m.20 views

Denial Of Service (DoS)

github.com/nats-io/nats-server is susceptible to denial of service DoS. It does not validate whether the maximum payload size exceeds the size of int32, allowing an attacker to crash the application by sending a request with malicious payload...

7.5CVSS3.5AI score0.01739EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder