Vulnerability Name: | CVE-2020-26521 (CCN-191004) | ||||||||||||
Assigned: | 2020-11-02 | ||||||||||||
Published: | 2020-11-02 | ||||||||||||
Updated: | 2022-01-01 | ||||||||||||
Summary: | The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code). | ||||||||||||
CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||||||
Vulnerability Type: | CWE-476 | ||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2020-26521 Source: CONFIRM Type: Mailing List, Third Party Advisory http://www.openwall.com/lists/oss-security/2020/11/02/2 Source: XF Type: UNKNOWN nats-cve202026521-dos(191004) Source: CCN Type: jwt GIT Repository NATS JWT Source: CCN Type: nats-server GIT Repository NATS Server Source: MISC Type: Patch, Third Party Advisory https://github.com/nats-io/nats-server/commits/master Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2020-2c8851d48b Source: CCN Type: oss-sec Mailing List, Mon, 19 Oct 2020 20:00:21 +0800 (CST) [CVE-2020-26521][CVE-2020-26892] NATS JWT vulnerabilities | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: ![]() | ||||||||||||
BACK |