Lucene search
GoogleOSV:GO-2020-0017HistoryApr 14, 2021 - 8:04 p.m.
Authorization bypass in github.com/dgrijalva/jwt-go
2021-04-1420:04:52
Google
osv.dev
18
If a JWT contains an audience claim with an array of strings, rather than a single string, and MapClaims.VerifyAudience is called with req set to false, then audience verification will be bypassed, allowing an invalid set of audiences to be provided.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/dgrijalva/jwt-go | ge | 0.0.0-20150717181359-44718f8a89b0 | |
| github.com/dgrijalva/jwt-go/v4 | lt | 4.0.0-preview1 |
Related
osv
osv
CVE-2020-26160
2020-09-30 18:15:27
CGA-6hxx-3pwx-j6mh
2024-06-21 16:22:55
Authorization bypass in github.com/dgrijalva/jwt-go
2021-05-18 21:08:21
github
github
Authorization bypass in github.com/dgrijalva/jwt-go
2021-05-18 21:08:21
cgr
cgr
CVE-2020-26160 vulnerabilities
2024-05-19 03:07:16
ibm
ibm
redhatcve
redhatcve
CVE-2020-26160
2020-09-30 22:37:10
cvelist
cvelist
CVE-2020-26160
2020-09-30 12:57:10
wolfi
wolfi
CVE-2020-26160 vulnerabilities
2024-07-05 21:08:40
veracode
veracode
Authorization Bypass
2020-09-30 00:55:36
debiancve
debiancve
CVE-2020-26160
2020-09-30 18:15:27
redhat
redhat
(RHSA-2021:0516) Moderate: Release of OpenShift Serverless 1.13.0 security update
2021-02-15 14:47:44
(RHSA-2021:5110) Moderate: Cryostat security update
2021-12-14 12:44:18
nvd
nvd
CVE-2020-26160
2020-09-30 18:15:27
ubuntucve
ubuntucve
CVE-2020-26160
2020-09-30 00:00:00
alpinelinux
alpinelinux
CVE-2020-26160
2020-09-30 18:15:27
prion
prion
Design/Logic Flaw
2020-09-30 18:15:00
cve
cve
CVE-2020-26160
2020-09-30 18:15:27