RSS   Vulnerabilities for 'Nats streaming server'   RSS

2022-03-10
 
CVE-2022-26652

CWE-22
 

 
NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected.

 
2022-02-08
 
CVE-2022-24450

CWE-863
 

 
NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature.

 

 >>> Vendor: NATS 3 Products
Nats server
Jwt library
Nats streaming server


Copyright 2024, cxsecurity.com

 

Back to Top