CVE-2020-28466

Published: 07/03/2021 Updated: 25/03/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightened risk. Any remote execution flaw or equivalent seriousness, or denial of service by unauthenticated users, will lead to prompt releases by the NATS maintainers. Fixes for denial-of-service issues with no threat of remote execution, when limited to account holders, are likely to just be committed to the main development branch with no special attention. Those who are running such services are encouraged to build regularly from git.

Vulnerable Products

nats: nats server

Mailing Lists

[moderators: my apologies for the initial unsigned message, please discard that one and permit this one] Folks, Two new CVEs for the NATS project for issues fixed with the 2.2.0 release. The full text of the advisories should be attached. These, and other advisories, can be found at <advisories.nats.io/> * CVE-2020-28466 + i ...

Folks, Two new CVEs for the NATS project for issues fixed with the 2.2.0 release. The full text of the advisories should be attached. These, and other advisories, can be found at <advisories.nats.io/> * CVE-2020-28466 + import loops between accounts, expressed in the account JWT, could DoS the server + this was fixed i ...