Debian Patches
Status for golang-github-dgrijalva-jwt-go/3.2.0-4
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-CVE-2020-26160.patch | CVE-2020-26160 | jwt-go before 4.0.0-preview1 allows attackers to bypass intended | access restrictions in situations with []string{} for m["aud"] (which | is allowed by the specification). Because the type assertion fails, "" | is the value of aud. This is a security problem if the JWT token is | presented to a service that lacks its own audience check. https://github.com/dgrijalva/jwt-go/issues/428 https://github.com/dgrijalva/jwt-go/pull/286 |
https://github.com/katerji92 | no | 2018-08-14 |
All known versions for source package 'golang-github-dgrijalva-jwt-go'
- 3.2.0-4 (bookworm)