Oval Definition:	oval:org.opensuse.security:def:202026160
Revision Date: 2022-06-30 Version: 1 Title: CVE-2020-26160 Description: jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check. Family: unix Class: vulnerability Status: Reference(s): Mitre CVE-2020-26160 SUSE CVE-2020-26160 Platform(s): openSUSE Tumbleweed Product(s): Definition Synopsis openSUSE Tumbleweed is installed AND Package Information telegraf-1.19.0-1.2 is installed OR velero-plugin-for-microsoft-azure-1.3.1-1.1 is installed
BACK