CVE-2020-26160HIGH≥ 0.0.0-20150717181359-44718f8a89b0, ≤ 3.2.02021-05-18
CVE-2020-26160 [HIGH] CWE-287 Authorization bypass in github.com/dgrijalva/jwt-go
Authorization bypass in github.com/dgrijalva/jwt-go
jwt-go allows attackers to bypass intended access restrictions in situations with `[]string{}` for `m["aud"]` (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check. There is no patch available and users of jwt-go are
ghsaosv