The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).
7.5CVSS
7.2AI Score
0.002EPSS
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.
9.8CVSS
9.3AI Score
0.002EPSS