The package github.com/dgrijalva/jwt-go introduces a vulnerability to the postgres driver for gorm
Details of vulnerability:
github.com/dgrijalva/jwt-go is a Go implementation of JSON Web Tokens.
Affected versions of this package are vulnerable to Access Restriction Bypass. If m["aud"] happens to be []string{}, as allowed by the spec, the type assertion fails and the value of aud is "". This can cause audience verification to succeed even if the audiences being passed are incorrect if required is set to false.
Remediation
Upgrade github.com/dgrijalva/jwt-go to version 4.0.0-preview1 or higher.
Playground link - N/A
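
The type-assertion failure described in the report, next to a check that handles array-valued audiences. This is an added illustration, not code from the issue or from jwt-go; `audLoose` and `audStrict` are hypothetical names and the claims payload is a constructed sample.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
)

// audLoose (hypothetical): a non-string "aud" fails the assertion, so aud == "".
func audLoose(claims map[string]interface{}, want string, required bool) bool {
	aud, _ := claims["aud"].(string)
	if aud == "" {
		return !required // array-valued aud is treated like a missing claim
	}
	return subtle.ConstantTimeCompare([]byte(aud), []byte(want)) == 1
}

// audStrict (hypothetical): only an absent claim counts as "not set".
func audStrict(claims map[string]interface{}, want string, required bool) bool {
	raw, present := claims["aud"]
	if !present {
		return !required
	}
	var auds []interface{}
	switch v := raw.(type) {
	case string:
		auds = []interface{}{v}
	case []string:
		for _, s := range v {
			auds = append(auds, s)
		}
	case []interface{}: // what encoding/json yields for a JSON array
		auds = v
	}
	match := 0
	for _, a := range auds {
		if s, ok := a.(string); ok {
			match |= subtle.ConstantTimeCompare([]byte(s), []byte(want))
		}
	}
	return match == 1
}

func main() {
	var c map[string]interface{} // constructed sample claims
	if err := json.Unmarshal([]byte(`{"sub":"alice","aud":["billing-api"]}`), &c); err != nil {
		panic(err)
	}
	fmt.Println(audLoose(c, "inventory-api", false), audStrict(c, "inventory-api", false)) // true false
}
```

Callers that pass required=true are not exposed to the bypass in the loose form, but they also reject every token whose audience is an array, including valid ones.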