Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
0001-CVE-2020-26160.patch | CVE-2020-26160 | jwt-go before 4.0.0-preview1 allows attackers to bypass intended | access restrictions in situations with []string{} for m["aud"] (which | is allowed by the specification). Because the type assertion fails, "" | is the value of aud. This is a security problem if the JWT token is | presented to a service that lacks its own audience check. https://github.com/dgrijalva/jwt-go/issues/428 https://github.com/dgrijalva/jwt-go/pull/286 |
https://github.com/katerji92 | no | 2018-08-14 |