CVE-2021-3127 | HIGH | CVSS 7.5 | ≥ 0, < 2.0.1 | 2022-02-15
CVE-2021-3127 [HIGH] CWE-863 nats-io/jwt not enforcing checking of Import token permissions
(This advisory is canonically )
## Problem Description
The NATS server provides for Subjects which are namespaced by Account; all Subjects are supposed to be private to an account, with an Export/Import system used to grant cross-account access to some Subjects. Some Exports are public, such that anyone can import the relevant subjects, and