Vulnerabilities > CVE-2020-26160 - Improper Handling of Exceptional Conditions vulnerability in Jwt-Go Project Jwt-Go

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

jwt-go-project

CWE-755

NVD

Published: 2020-09-30

Updated: 2021-07-21

Summary

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.

Vulnerable Configurations

Part	Description	Count
Application	Jwt-Go_Project JWT GO Project JWT GO - JWT GO Project JWT GO 1.0.0 JWT GO Project JWT GO 1.0.1 JWT GO Project JWT GO 1.0.2 JWT GO Project JWT GO 2.0.0 JWT GO Project JWT GO 2.1.0 JWT GO Project JWT GO 2.2.0 JWT GO Project JWT GO 2.3.0 JWT GO Project JWT GO 2.4.0 JWT GO Project JWT GO 2.5.0 JWT GO Project JWT GO 2.6.0 JWT GO Project JWT GO 2.7.0 JWT GO Project JWT GO 3.0.0 JWT GO Project JWT GO 3.1.0 JWT GO Project JWT GO 3.2.0	15

Common Weakness Enumeration (CWE)

CWE-755 - Improper Handling of Exceptional Conditions

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References