<p>Upgrade <code>github.com/nats-io/nats-server/v2/server</code> to version 2.9.23, 2.10.2 or higher.</p>

=2.10.0 <2.10.2

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-GOLANG-GITHUBCOMNATSIONATSSERVERV2SERVER-6016641
published 20 Oct 2023
disclosed 19 Oct 2023
credit Alex Herrington

Report a new vulnerability Found a mistake?

Introduced: 19 Oct 2023

CWE-305 Open this link in a new tab

How to fix?

Upgrade github.com/nats-io/nats-server/v2/server to version 2.9.23, 2.10.2 or higher.

Overview

github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices.

Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness due to improper authorisation rules in the server component. This results in users connecting without authentication.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

Low
Privileges Required (PR)

None
User Interaction (UI)

Required

Scope (S)

Unchanged

Confidentiality (C)

High
Integrity (I)

Low
Availability (A)

Low

Authentication Bypass by Primary Weakness Affecting github.com/nats-io/nats-server/v2/server package, versions >=2.2.0 <2.9.23 >=2.10.0 <2.10.2

Severity

CVSS assessment made by Snyk's Security Team

Introduced: 19 Oct 2023

How to fix?

Overview

References

CVSS Scores

Snyk