CVE-2020-26892
https://notcve.org/view.php?id=CVE-2020-26892
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.
References:
https://github.com/nats-io/nats-server/commits/master
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI
https://www.openwall.com/lists/oss-security/2020/11/02/2
CWE-798: Use of Hard-coded Credentials
CVE-2020-26521
https://notcve.org/view.php?id=CVE-2020-26521
The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).
References:
http://www.openwall.com/lists/oss-security/2020/11/02/2
https://github.com/nats-io/nats-server/commits/master
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI
CWE-476: NULL Pointer Dereference