Closed GoVulnBot closed 1 week ago
Change https://go.dev/cl/601381 mentions this issue: data/reports: add GO-2024-3004
Change https://go.dev/cl/603235 mentions this issue: data/reports: add 29 unreviewed reports
This vulnerability has been withdrawn. It no longer needs a report.
Change https://go.dev/cl/607820 mentions this issue: data/excluded: add 3 reports
Advisory GHSA-x72p-g37q-4xr9 references a vulnerability in the following Go modules:
Description: In SFTPGo 2.6.2, the JWT implementation lacks certain security measures, such as using JWT ID (JTI) claims, nonces, and proper expiration and invalidation mechanisms.
References:
Cross references:
See doc/quickstart.md for instructions on how to triage this report.