VDB
GHSA-J756-F273-XHP4
GHSA-J756-F273-XHP4
PUBLISHED
CVSS 7.5 HIGH
github.com/nats-io/nats-server Import token permissions checking not enforced
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Go | github.com/nats-io/jwt/v2 | 0 |
| github.com | nats-io/jwt/v2 | 0, 0, 0 |
| github.com | nats-io/jwt/v2 | 0, 0 |
| github.com | nats-io/jwt | 0, 0, 0 |
| Go | github.com/nats-io/nats-server/v2 | 0 |
| github.com | nats-io/nats-server/v2 | 0, 0 |
| Go | github.com/nats-io/jwt | 0 |
| github.com | nats-io/nats-server/v2 | 0, 0, 0 |
| github.com | nats-io/jwt | 0, 0 |
Timeline
- May 21, 2021 CVE Published
- May 21, 2024 CVE Updated
- Mar 2, 2026 Security Advisory
References
- https://github.com/nats-io/jwt/security/advisories/GHSA-62mh-w5cv-p88c url
- https://github.com/nats-io/nats-server/security/advisories/GHSA-j756-f273-xhp4 url
- https://nvd.nist.gov/vuln/detail/CVE-2021-3127 vendor-advisory
- https://advisories.nats.io/CVE/CVE-2021-3127.txt url
- https://github.com/nats-io/nats-server product
- GitHub Advisory GHSA-j756-f273-xhp4 vendor-advisory
- https://github.com/nats-io/nats-server/commit/423b79440c80c863de9f4e20548504e6c5d5e403 url
- https://github.com/nats-io/jwt/pull/149 url
- https://github.com/nats-io/jwt/commit/6c72fdd73e82fa9ebb151d84773baf4e9164c4ab url
- https://github.com/nats-io/jwt product
- GitHub Advisory GHSA-62mh-w5cv-p88c vendor-advisory
- https://github.com/nats-io/jwt/pull/149/commits/a826c77dc9d2671c961b75ceefdb439c41029866 url