nats-io/nats-server/v2:v2.8.4 has security risks and needs to be upgraded to the latest version

topfreegames / pitaya

Scalable game server framework with clustering support and client libraries for iOS, Android, Unity and others through the C SDK.

MIT License

2.37k stars 480 forks source link

nats-io/nats-server/v2:v2.8.4 has security risks and needs to be upgraded to the latest version #408

Closed chengroot closed 3 months ago

chengroot commented 4 months ago

security vulnerability : CVE-2023-47090

NATS nats-server in versions 2.2.0 through 2.9.22, and 2.10.0 through 2.10.1 has an authentication bypass. An implicit "$G" user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account.