CVE-2020-26160 -- golang-github-dgrijalva-jwt-go| Deprecated |
| ID: oval:org.secpod.oval:def:2003963 | Date: (C)2020-10-08 (M)2023-02-07 |
| Class: VULNERABILITY | Family: unix |
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] . Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.
| Platform: |
| Debian 10.x |
| Debian 9.x |
| Product: |
| golang-github-dgrijalva-jwt-go-dev |
