CVE-2021-3127: Incorrect Authorization

February 15, 2022 (updated April 12, 2022)

NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.

References

advisories.nats.io/CVE/CVE-2021-3127.txt
github.com/advisories/GHSA-9r5x-fjv3-q6h4
github.com/nats-io/jwt/pull/149/commits/a826c77dc9d2671c961b75ceefdb439c41029866
github.com/nats-io/nats-server/commit/423b79440c80c863de9f4e20548504e6c5d5e403
nvd.nist.gov/vuln/detail/CVE-2021-3127

Code Behaviors & Features

Detect and mitigate CVE-2021-3127 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →