IBM / go-sdk-core

The go-sdk-core repository contains core functionality required by Go code generated by the IBM OpenAPI SDK Generator.
Apache License 2.0

Upgrade jwt-go version #113

Closed ndobosi closed 3 years ago

ndobosi commented 3 years ago

golang/github.com/dgrijalva/jwt-go@3.2.0 package has a known vulnerability issue.

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.

Link for more info https://ossindex.sonatype.org/vulnerability/c16fb56d-9de6-4065-9fca-d2b4cfb13020?component-type=golang&component-name=github.com%2Fdgrijalva%2Fjwt-go&utm_source=nancy-client&utm_medium=integration&utm_content=1.0.10
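The mechanism described above, shown as an added example (not code from go-sdk-core or from jwt-go): a bare `.(string)` assertion on the `aud` claim silently yields `""` when the claim is a JSON array, and a check that treats an empty audience as "no restriction" then accepts a token minted for a different service. The hardened `VerifyAudience` accepts both claim shapes RFC 7519 permits and never passes on a missing or malformed claim. The claim sets, the audience names and all function names are constructed for this example; signature verification is out of scope here and must be done before any claim is trusted.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample claim sets (already-decoded JWT payloads), not real tokens.
const (
	StringAudClaims = `{"sub":"user-1","aud":"billing-api","exp":4102444800}`
	ArrayAudClaims  = `{"sub":"user-1","aud":["billing-api","reports-api"],"exp":4102444800}`
	NoAudClaims     = `{"sub":"user-1","exp":4102444800}`
)

// ParseClaims decodes a JSON claim set into the generic map encoding/json
// produces: strings stay string, JSON arrays become []interface{}.
func ParseClaims(payload string) (map[string]interface{}, error) {
	var m map[string]interface{}
	if err := json.Unmarshal([]byte(payload), &m); err != nil {
		return nil, err
	}
	return m, nil
}

// NaiveVerifyAudience reproduces the failure mode from the issue: the type
// assertion yields "" for an array (or a missing claim), and "" is then
// treated as "no audience restriction" unless the caller demanded one.
func NaiveVerifyAudience(claims map[string]interface{}, expected string, required bool) bool {
	aud, _ := claims["aud"].(string) // "" when aud is []interface{} or absent
	if aud == "" {
		return !required
	}
	return aud == expected
}

// AudienceValues returns every audience in the claim, accepting both the
// single-string and string-array forms. ok is false when the claim is
// missing, empty, or holds anything other than strings.
func AudienceValues(claims map[string]interface{}) (auds []string, ok bool) {
	switch v := claims["aud"].(type) {
	case string:
		return []string{v}, true
	case []interface{}:
		for _, e := range v {
			s, isStr := e.(string)
			if !isStr {
				return nil, false
			}
			auds = append(auds, s)
		}
		return auds, len(auds) > 0
	default:
		return nil, false
	}
}

// VerifyAudience is the hardened check: the expected audience must appear
// explicitly in the claim; an absent or malformed claim never passes.
func VerifyAudience(claims map[string]interface{}, expected string) bool {
	if expected == "" {
		return false
	}
	auds, ok := AudienceValues(claims)
	if !ok {
		return false
	}
	for _, a := range auds {
		if a == expected {
			return true
		}
	}
	return false
}

func main() {
	samples := map[string]string{"string": StringAudClaims, "array": ArrayAudClaims, "none": NoAudClaims}
	for name, payload := range samples {
		c, err := ParseClaims(payload)
		if err != nil {
			panic(err)
		}
		// "other-service" is not an audience of any sample token, so a correct
		// check must answer false for all three.
		fmt.Printf("%-6s naive(required=false)=%v hardened=%v\n", name,
			NaiveVerifyAudience(c, "other-service", false), VerifyAudience(c, "other-service"))
	}
}
```

The naive path answers true for the array-valued token even though "other-service" is not among its audiences, which is exactly the bypass the advisory describes; the hardened path rejects it and still accepts the token for "billing-api" or "reports-api".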

ibm-devx-sdk commented 3 years ago

:tada: This issue has been resolved in version 5.4.2 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: