Nats: >> Nats Streaming Server >> 0.21.1 Security Vulnerabilities
NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected.
CVSS Score
6.5
EPSS Score
0.009
Published
2022-03-10
NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-02-08