Vulnerabilities > Nats

DATE CVE VULNERABILITY TITLE RISK
2023-10-31 CVE-2023-46129 Missing Required Cryptographic Step vulnerability in Nats Server and Nkeys
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing.
network
low complexity
nats CWE-325
7.5
2022-03-10 CVE-2022-26652 Path Traversal vulnerability in Nats Server and Nats Streaming Server
NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams.
network
low complexity
nats CWE-22
4.0
2022-02-08 CVE-2022-24450 Missing Authorization vulnerability in Nats Server and Nats Streaming Server
NATS nats-server before 2.7.2 has Incorrect Access Control.
network
low complexity
nats CWE-862
8.8
2021-03-16 CVE-2021-3127 Improper Handling of Exceptional Conditions vulnerability in Nats JWT Library and Nats Server
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.
network
low complexity
nats CWE-755
5.0
2021-03-07 CVE-2020-28466 Unspecified vulnerability in Nats Server 2.0.0/2.0.2
This affects all versions of package github.com/nats-io/nats-server/server.
network
low complexity
nats
5.0
2019-07-29 CVE-2019-13126 Integer Overflow or Wraparound vulnerability in Nats Server
An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request.
network
low complexity
nats CWE-190
7.5