VulnerableCode Package Details - pkg:deb/debian/golang-github-dgrijalva-jwt-go@3.0.0%2BREALLY.2.6.0-1

Search for packages

Package details: pkg:deb/debian/golang-github-dgrijalva-jwt-go@3.0.0%2BREALLY.2.6.0-1

Essentials
History (4)

purl	pkg:deb/debian/golang-github-dgrijalva-jwt-go@3.0.0%2BREALLY.2.6.0-1

Next non-vulnerable version	3.2.0-3
Latest non-vulnerable version	3.2.0-3
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-gt63-t28m-aaak Aliases: CVE-2020-26160 GHSA-w73w-5m7g-f7qc	jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.	3.2.0-3 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T05:59:39.579978+00:00	Debian Oval Importer	Affected by	VCID-gt63-t28m-aaak	None	36.1.3
2025-06-07T23:38:14.257271+00:00	Debian Oval Importer	Affected by	VCID-gt63-t28m-aaak	None	36.1.0
2025-04-12T21:52:00.932418+00:00	Debian Oval Importer	Affected by	VCID-gt63-t28m-aaak	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-07T22:10:21.836307+00:00	Debian Oval Importer	Affected by	VCID-gt63-t28m-aaak	None	36.0.0