This repository has been archived by the owner on May 21, 2022. It is now read-only.

Security Issue - Authorization bypass #489

Open
davitdarsalia opened this issue May 20, 2022 · 0 comments

@davitdarsalia

While merging branches, GitHub throws me the security alert message shown below.

Severity is 7.5/10.

"jwt-go allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check. There is no patch available and users of jwt-go are advised to migrate to golang-jwt at version 3.2.1"
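The failure mode in the quoted advisory, shown as an added example that is not part of the original issue and is not jwt-go's own code. `lenientAudCheck`, `strictAudCheck` and `decodeClaims` are hypothetical names, the payload is constructed, and only the Go standard library is used.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// lenientAudCheck models the behaviour the advisory describes (not jwt-go's
// source): a failed type assertion leaves aud == "", and an empty aud passes
// whenever the claim is not required.
func lenientAudCheck(claims map[string]interface{}, want string, required bool) bool {
	aud, _ := claims["aud"].(string) // silently "" when aud is a JSON array
	if aud == "" {
		return !required
	}
	return aud == want
}

// strictAudCheck accepts both aud forms (string or array of strings) and
// rejects a missing claim or any type it cannot interpret.
func strictAudCheck(claims map[string]interface{}, want string) bool {
	switch v := claims["aud"].(type) {
	case string:
		return v == want
	case []interface{}: // encoding/json decodes a JSON array to this type
		for _, e := range v {
			if s, ok := e.(string); ok && s == want {
				return true
			}
		}
	}
	return false
}

// decodeClaims parses a claims JSON object; nil on malformed input.
func decodeClaims(payload string) map[string]interface{} {
	var m map[string]interface{}
	if err := json.Unmarshal([]byte(payload), &m); err != nil {
		return nil
	}
	return m
}

func main() {
	// Constructed payload: issued for "billing", presented to "admin".
	claims := decodeClaims(`{"sub":"alice","aud":["billing"]}`)
	fmt.Println("lenient accepts:", lenientAudCheck(claims, "admin", false))
	fmt.Println("strict accepts: ", strictAudCheck(claims, "admin"))
}
```

A service that receives tokens should run an audience check of the strict kind itself rather than relying on the token library's default handling of `aud`.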
