0.002 Low
EPSS
Percentile
57.0%
github.com/dgrijalva/jwt-go is vulnerable to authorization bypass. The vulnerability exists as the audience verification succeeds even if the type assertion fails when the value of aud is "".
aud
""
github.com/dgrijalva/jwt-go/blob/master/map_claims.go#L16
github.com/dgrijalva/jwt-go/issues/422
github.com/dgrijalva/jwt-go/pull/426