Skip to content
This repository has been archived by the owner on May 21, 2022. It is now read-only.
This repository has been archived by the owner on May 21, 2022. It is now read-only.

Security Issue - Authorization bypass  #489

Open
Open
Security Issue - Authorization bypass #489
@davitdarsalia

Description

@davitdarsalia
davitdarsalia
opened on May 20, 2022

While merging branches, Github throws me the security alert message shown below.

Severity is 7.5/10.

"jwt-go allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check. There is no patch available and users of jwt-go are advised to migrate to golang-jwt at version 3.2.1"
Screenshot 2022-05-21 at 00 09 11
Screenshot 2022-05-21 at 00 09 22

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions