CVE Vulnerabilities

CVE-2021-3127

Improper Handling of Exceptional Conditions

Published: Mar 16, 2021 | Modified: Mar 30, 2026
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.

Weakness

The product does not handle or incorrectly handles an exceptional condition.

Affected Software

NameVendorStart VersionEnd Version
Nats-serverLinuxfoundation2.0.0 (including)2.2.0 (excluding)
Jwt_libraryNats*2.0.1 (excluding)
Golang-github-nats-io-jwtUbuntuesm-apps/focal*
Golang-github-nats-io-jwtUbuntuesm-apps/jammy*
Golang-github-nats-io-jwtUbuntufocal*
Golang-github-nats-io-jwtUbuntugroovy*
Golang-github-nats-io-jwtUbuntuhirsute*
Golang-github-nats-io-jwtUbuntuimpish*
Golang-github-nats-io-jwtUbuntujammy*
Golang-github-nats-io-jwtUbuntukinetic*
Golang-github-nats-io-jwtUbuntulunar*
Golang-github-nats-io-jwtUbuntumantic*
Golang-github-nats-io-jwtUbuntutrusty*
Golang-github-nats-io-jwtUbuntuupstream*

References