8 matches found
GO-2022-0852 Integer Overflow or Wraparound in NATS Server in github.com/nats-io/nats-server
Integer Overflow or Wraparound in NATS Server in github.com/nats-io/nats-server...
GO-2022-0398 Import loops in account imports, nats-server DoS in github.com/nats-io/nats-server
Import loops in account imports, nats-server DoS in github.com/nats-io/nats-server...
Improper TLS Ciphers Configuration
github.com/nats-io/nats-server/ is vulnerable to Improper TLS Ciphers Configuration. The vulnerability is due to the loss of restricted ciphersuite settings when using CLI options to set a key/cert for TLS, enabling all ciphersuites supported by Go by default...
Authentication Bypass
github.com/nats-io/nats-server is vulnerable to Authentication Bypass. The vulnerability occurs when the only account added is the system account $SYS. In this scenario, the nats-server creates an implicit user in $G and designates it as the noauthuser account. This effectively enables the same...
Denial of service in github.com/nats-io/nats-server/server
This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers - Running a NATS service which is exposed to untrusted users presents a heighten...
Denial Of Service (DoS)
github.com/nats-io/nats-server is vulnerable to denial of service DoS. Using configs that represent a service export/import cycles, an unauthenticated user is able to crash the server if running NATS services are exposed to untrusted users...
CVE-2020-28466
This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightene...
Denial Of Service (DoS)
github.com/nats-io/nats-server is susceptible to denial of service DoS. It does not validate whether the maximum payload size exceeds the size of int32, allowing an attacker to crash the application by sending a request with malicious payload...