Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial of Service (DoS)
Vulnerability Description
This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightened risk. Any remote execution flaw or equivalent seriousness, or denial-of-service by unauthenticated users, will lead to prompt releases by the NATS maintainers. Fixes for denial of service issues with no threat of remote execution, when limited to account holders, are likely to just be committed to the main development branch with no special attention. Those who are running such services are encouraged to build regularly from git.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
N/A
Vulnerability Title
Waldemar Quevedo nats-server 安全漏洞
Vulnerability Description
Waldemar Quevedo nats-server是 (Waldemar Quevedo)开源的一个应用软件。用于数字系统,服务和设备的简单,安全和高性能的通信系统。 github.com/nats-io/nats-server/server 所有版本存在安全漏洞,该漏洞源于不受信任的帐户能够使用代表服务导出导入周期的配置使服务器崩溃。
CVSS Information
N/A
Vulnerability Type
N/A