{"url":"http://public2.vulnerablecode.io/api/packages/384210?format=json","purl":"pkg:golang/github.com/nats-io/jwt@1.2.3-0.20210314221642-a826c77dc9d2","type":"golang","namespace":"github.com/nats-io","name":"jwt","version":"1.2.3-0.20210314221642-a826c77dc9d2","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.1.0","latest_non_vulnerable_version":"1.2.3-0.20210314221642-a826c77dc9d2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361355?format=json","vulnerability_id":"VCID-affe-ks89-g3b6","summary":"Duplicate Advisory: Incorrect Access Control in github.com/nats-io/jwt and github.com/nats-io/nats-server/v2\n## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-62mh-w5cv-p88c (for github.com/nats-io/jwt) and GHSA-j756-f273-xhp4 (for github.com/nats-io/nats-server). This link is maintained to preserve external references.\n\n## Original Description\nNATS Server (github.com/nats-io/nats-server/v2/server) 2.x before 2.2.0 and JWT library (github.com/nats-io/jwt/v2) before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.","references":[{"reference_url":"https://advisories.nats.io/CVE/CVE-2021-3127.txt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://advisories.nats.io/CVE/CVE-2021-3127.txt"},{"reference_url":"https://github.com/nats-io/jwt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nats-io/jwt"},{"reference_url":"https://github.com/nats-io/jwt/pull/149","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nats-io/jwt/pull/149"},{"reference_url":"https://github.com/nats-io/jwt/pull/149/commits/a826c77dc9d2671c961b75ceefdb439c41029866","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nats-io/jwt/pull/149/commits/a826c77dc9d2671c961b75ceefdb439c41029866"},{"reference_url":"https://github.com/nats-io/nats-server/commit/423b79440c80c863de9f4e20548504e6c5d5e403","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nats-io/nats-server/commit/423b79440c80c863de9f4e20548504e6c5d5e403"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3127","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3127"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384210?format=json","purl":"pkg:golang/github.com/nats-io/jwt@1.2.3-0.20210314221642-a826c77dc9d2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/nats-io/jwt@1.2.3-0.20210314221642-a826c77dc9d2"}],"aliases":["GHSA-9r5x-fjv3-q6h4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-affe-ks89-g3b6"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/nats-io/jwt@1.2.3-0.20210314221642-a826c77dc9d2"}