github.com/nats-io/nats-streaming-server
Go | 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/nats-io/nats-streaming-server (page 1 of 1)
- CVE-2022-24450 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 0.24.1 | 2022-02-08
NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature.
- CVE-2022-26652 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 0.24.3 | 2022-03-10
NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected.
- CVE-2022-29946 | MEDIUM | CVSS 6.3 | EG 6.3 | ✓ Fixed in 0.24.6 | 2024-07-11
NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one scenario. By using a queue subscription on…