Nats Server Security Vulnerabilities and Issues — Nats Server CVE List

Lucene search

NatsNats Server

4 matches found

CVE•added 2023/10/31 12:15 a.m.•340 views

CVE-2023-46129

NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server 2...

7.5CVSS7.5AI score0.00092EPSS

CVE•added 2021/03/16 8:15 p.m.•64 views

CVE-2021-3127

NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.

7.5CVSS7.4AI score0.0029EPSS

CVE•added 2021/03/07 10:15 a.m.•49 views

CVE-2020-28466

This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightened ...

7.5CVSS7.5AI score0.08427EPSS

CVE•added 2019/07/29 5:15 p.m.•41 views

CVE-2019-13126

An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authenticated.

7.5CVSS7.6AI score0.00678EPSS