Filtered by vendor Jwt-go Project
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-26160 | 2 Jwt-go Project, Redhat | 6 Jwt-go, Container Native Virtualization, Cryostat and 3 more | 2024-08-04 | 7.5 High |
| jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check. | ||||
Page 1 of 1.