Debian Patches

Status for golang-github-dgrijalva-jwt-go/3.2.0-4

Patch Description Author Forwarded Bugs Origin Last update
0001-CVE-2020-26160.patch CVE-2020-26160
| jwt-go before 4.0.0-preview1 allows attackers to bypass intended
| access restrictions in situations with []string{} for m["aud"] (which
| is allowed by the specification). Because the type assertion fails, ""
| is the value of aud. This is a security problem if the JWT token is
| presented to a service that lacks its own audience check. no 2018-08-14

All known versions for source package 'golang-github-dgrijalva-jwt-go'