CVE-2020-26160 -- golang-github-dgrijalva-jwt-go | Deprecated |
ID: oval:org.secpod.oval:def:2003963 | Date: (C)2020-10-08 (M)2023-02-07 |
Class: VULNERABILITY | Family: unix |
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"]. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.
Platform: |
Debian 10.x |
Debian 9.x |
Product: |
golang-github-dgrijalva-jwt-go-dev |
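
The failure mode in the description above, as an added Go example that is not the jwt-go source: weakAud is a simplified stand-in for an audience check built on a bare string type assertion, and strictAud is one way to handle both forms of aud and fail closed. The Claims type, both function names and the sample values are assumptions made for illustration.

```go
package main

import "fmt"

type Claims map[string]interface{} // hypothetical stand-in, not the jwt-go type

// weakAud reproduces the flaw: a failed string assertion leaves aud == "",
// which is handled as "claim absent" and accepted unless the claim is required.
func weakAud(c Claims, want string, required bool) bool {
	aud, _ := c["aud"].(string)
	if aud == "" {
		return !required
	}
	return aud == want
}

// strictAud accepts a string or a list of strings (RFC 7519 permits both)
// and fails closed when the shape is unknown or nothing matches.
func strictAud(c Claims, want string, required bool) bool {
	raw, present := c["aud"]
	if !present {
		return !required
	}
	var list []interface{}
	switch v := raw.(type) {
	case string:
		list = []interface{}{v}
	case []interface{}: // shape produced by encoding/json for a JSON array
		list = v
	case []string: // shape named in the description
		for _, s := range v {
			list = append(list, s)
		}
	default:
		return false
	}
	for _, e := range list {
		if s, isStr := e.(string); isStr && s == want {
			return true
		}
	}
	return false
}

func main() {
	c := Claims{"sub": "alice", "aud": []string{"billing"}} // constructed sample
	fmt.Println(weakAud(c, "reports", false), strictAud(c, "reports", false))
}
```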