Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-26652 | 1 Nats | 2 Nats Server, Nats Streaming Server | 2022-03-17 | 4.0 MEDIUM | 6.5 MEDIUM |
NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected. | |||||
CVE-2022-24450 | 1 Nats | 2 Nats Server, Nats Streaming Server | 2022-02-11 | 9.0 HIGH | 8.8 HIGH |
NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature. |