Vulnerability Details CVE-2020-26149
NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.openwall.com/lists/oss-security/2020/09/30/3
- https://github.com/nats-io/nats.deno/compare/v1.0.0-8...v1.0.0-9
- https://github.com/nats-io/nats.ws/commit/0a37ac2a411ff63f0707cda69a268c5fc4079eb7
- http://www.openwall.com/lists/oss-security/2020/09/30/3
- https://github.com/nats-io/nats.deno/compare/v1.0.0-8...v1.0.0-9
- https://github.com/nats-io/nats.ws/commit/0a37ac2a411ff63f0707cda69a268c5fc4079eb7
Products affected by CVE-2020-26149
-
cpe:2.3:a:linuxfoundation:nats.deno:0.1.0-0
-
cpe:2.3:a:linuxfoundation:nats.deno:0.1.1-0
-
cpe:2.3:a:linuxfoundation:nats.deno:0.1.1-18
-
cpe:2.3:a:linuxfoundation:nats.deno:0.1.1-19
-
cpe:2.3:a:linuxfoundation:nats.deno:0.1.1-21
-
cpe:2.3:a:linuxfoundation:nats.deno:0.1.1-22
-
cpe:2.3:a:linuxfoundation:nats.deno:0.1.1-23
-
cpe:2.3:a:linuxfoundation:nats.deno:0.1.1-31
-
cpe:2.3:a:linuxfoundation:nats.deno:1.0.0-1
-
cpe:2.3:a:linuxfoundation:nats.deno:1.0.0-2
-
cpe:2.3:a:linuxfoundation:nats.deno:1.0.0-3
-
cpe:2.3:a:linuxfoundation:nats.deno:1.0.0-4
-
cpe:2.3:a:linuxfoundation:nats.deno:1.0.0-5
-
cpe:2.3:a:linuxfoundation:nats.deno:1.0.0-6
-
cpe:2.3:a:linuxfoundation:nats.deno:1.0.0-7
-
cpe:2.3:a:linuxfoundation:nats.deno:1.0.0-8
-
cpe:2.3:a:linuxfoundation:nats.js:0.3.0
-
cpe:2.3:a:linuxfoundation:nats.js:0.4.0
-
cpe:2.3:a:linuxfoundation:nats.js:0.4.2
-
cpe:2.3:a:linuxfoundation:nats.js:0.4.4
-
cpe:2.3:a:linuxfoundation:nats.js:0.5.0
-
cpe:2.3:a:linuxfoundation:nats.js:0.5.4
-
cpe:2.3:a:linuxfoundation:nats.js:0.6.2
-
cpe:2.3:a:linuxfoundation:nats.js:0.6.4
-
cpe:2.3:a:linuxfoundation:nats.js:0.6.8
-
cpe:2.3:a:linuxfoundation:nats.js:0.7.2
-
cpe:2.3:a:linuxfoundation:nats.js:0.7.20
-
cpe:2.3:a:linuxfoundation:nats.js:0.7.22
-
cpe:2.3:a:linuxfoundation:nats.js:0.7.24
-
cpe:2.3:a:linuxfoundation:nats.js:0.7.25
-
cpe:2.3:a:linuxfoundation:nats.js:0.7.29
-
cpe:2.3:a:linuxfoundation:nats.js:0.8.0
-
cpe:2.3:a:linuxfoundation:nats.js:0.8.10
-
cpe:2.3:a:linuxfoundation:nats.js:0.8.2
-
cpe:2.3:a:linuxfoundation:nats.js:1.0.0
-
cpe:2.3:a:linuxfoundation:nats.js:1.0.1
-
cpe:2.3:a:linuxfoundation:nats.js:1.2.0
-
cpe:2.3:a:linuxfoundation:nats.js:1.2.1
-
cpe:2.3:a:linuxfoundation:nats.js:1.2.10
-
cpe:2.3:a:linuxfoundation:nats.js:1.2.2
-
cpe:2.3:a:linuxfoundation:nats.js:1.2.4
-
cpe:2.3:a:linuxfoundation:nats.js:1.2.6
-
cpe:2.3:a:linuxfoundation:nats.js:1.2.8
-
cpe:2.3:a:linuxfoundation:nats.js:1.3.0
-
cpe:2.3:a:linuxfoundation:nats.js:1.4.0
-
cpe:2.3:a:linuxfoundation:nats.js:1.4.1-3
-
cpe:2.3:a:linuxfoundation:nats.js:1.4.1-4
-
cpe:2.3:a:linuxfoundation:nats.js:1.4.1-5
-
cpe:2.3:a:linuxfoundation:nats.js:1.4.1-6
-
cpe:2.3:a:linuxfoundation:nats.js:1.4.1-7
-
cpe:2.3:a:linuxfoundation:nats.js:1.4.1-8
-
cpe:2.3:a:linuxfoundation:nats.js:1.4.10
-
cpe:2.3:a:linuxfoundation:nats.js:1.4.10-0
-
cpe:2.3:a:linuxfoundation:nats.js:1.4.12
-
cpe:2.3:a:linuxfoundation:nats.js:1.4.2
-
cpe:2.3:a:linuxfoundation:nats.js:1.4.3-0
-
cpe:2.3:a:linuxfoundation:nats.js:1.4.4
-
cpe:2.3:a:linuxfoundation:nats.js:1.4.4-0
-
cpe:2.3:a:linuxfoundation:nats.js:1.4.5
-
cpe:2.3:a:linuxfoundation:nats.js:1.4.6
-
cpe:2.3:a:linuxfoundation:nats.js:1.4.6-0
-
cpe:2.3:a:linuxfoundation:nats.js:1.4.7-0
-
cpe:2.3:a:linuxfoundation:nats.js:1.4.8
-
cpe:2.3:a:linuxfoundation:nats.js:1.4.8-0
-
cpe:2.3:a:linuxfoundation:nats.js:1.4.9
-
cpe:2.3:a:linuxfoundation:nats.js:1.4.9-0
-
cpe:2.3:a:linuxfoundation:nats.js:1.4.9-1
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-0
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-1
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-10
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-11
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-12
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-13
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-14
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-15
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-16
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-17
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-18
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-19
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-2
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-20
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-21
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-22
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-23
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-24
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-25
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-26
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-27
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-3
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-4
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-5
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-6
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-7
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-8
-
cpe:2.3:a:linuxfoundation:nats.js:2.0.0-9
-
cpe:2.3:a:linuxfoundation:nats.ws:-