
CVE-2020-26160

Published: 30/09/2020 Updated: 21/07/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

jwt-go prior to 4.0.0-preview1 allows malicious users to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.
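The type-assertion failure described in the summary, shown next to an audience check that handles both claim forms. This is an added example, not jwt-go's code and not part of the advisory; the function names, the `required` flag and the sample payload are assumptions of this sketch.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// weakVerifyAud (sketch, not jwt-go's source): a failed assertion leaves aud == "".
func weakVerifyAud(claims map[string]interface{}, want string, required bool) bool {
	aud, _ := claims["aud"].(string) // array-valued aud yields ""
	if aud == "" {
		return !required // an optional check now passes for any array
	}
	return aud == want
}

// strictVerifyAud accepts a string or an array and fails closed on other types.
func strictVerifyAud(claims map[string]interface{}, want string, required bool) bool {
	switch v := claims["aud"].(type) {
	case nil: // claim absent
		return !required
	case string:
		return v == want
	case []string: // claims built in-process
		for _, a := range v {
			if a == want {
				return true
			}
		}
	case []interface{}: // what encoding/json yields for a JSON array
		for _, a := range v {
			if s, ok := a.(string); ok && s == want {
				return true
			}
		}
	}
	return false
}

func decode(payload string) (m map[string]interface{}) {
	if err := json.Unmarshal([]byte(payload), &m); err != nil {
		panic(err)
	}
	return m
}

func main() {
	c := decode(`{"sub":"alice","aud":["billing-api"]}`) // constructed sample payload
	fmt.Println(weakVerifyAud(c, "orders-api", false), strictVerifyAud(c, "orders-api", false))
}
```

With the weak check, a token issued for a different audience is accepted whenever the audience claim is optional, and a legitimate array-valued audience is rejected whenever it is required.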

Vulnerable Product

jwt-go project jwt-go

Vendor Advisories

Synopsis: Moderate: Release of OpenShift Serverless 1130 security update. Type/Severity: Security Advisory: Moderate. Topic: Release of OpenShift Serverless 1130. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which ...
Debian Bug report logs - #971556 golang-github-dgrijalva-jwt-go: CVE-2020-26160. Package: src:golang-github-dgrijalva-jwt-go; Maintainer for src:golang-github-dgrijalva-jwt-go is Debian Go Packaging Team <pkg-go-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 1 Oc ...

Github Repositories

List of my contributions to some open source projects

My Open Source Contributions. Probably not that important 🤷
No | Project | Status | Patch description | Pull request link
30 | Depot CLI | MERGED | fix: panic error on depot cache reset command | pr link
29 | Go FCM | MERGED | fix: payload structure to follow spec | PR link
28 | Vonage Go SDK | MERGED | fix: CVE-2020-26160 | PR link
27 | Xendit Go SDK | MERGED | fix: incorrect struct declaration | PR

test-go-container-images
During various experiences with container image vulnerability scanners, I've found their accuracy to be well varied. Especially when you add Go binaries to the mix. This repository contains the sources, configurations, and build scripts for a collection of Go binaries and associated container images intended for testing container vulnerabilit