Github.com/nats-io/nats-streaming-server
This hub aggregates every CVE we track for Github.com/nats-io/nats-streaming-server, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
3
CVEs tracked
0
Critical
1
High
0
In CISA KEV
Severity distribution
MEDIUM2HIGH1
Monthly trend
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 3 most recently published vulnerabilities affecting Github.com/nats-io/nats-streaming-server.
- CVE-2022-29946NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one ...6.3
- CVE-2022-26652NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected.6.5
- CVE-2022-24450NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature.8.8
Product normalization is registry-driven with AI assist and human review. How it works