Linuxfoundation

Nats-server

27 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.14%
  • Veröffentlicht 25.03.2026 19:50:03
  • Zuletzt bearbeitet 26.03.2026 17:16:21

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a `Nats-Request-Info:` message header, providing information about a request. This is supposed to provide enough information to all...

  • EPSS 0.26%
  • Veröffentlicht 25.03.2026 19:43:40
  • Zuletzt bearbeitet 30.06.2026 03:18:38

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using ACLs on message subjects, these ACLs were not applied in the `$MQTT.>` namespace, allowing MQTT clients t...

  • EPSS 0.37%
  • Veröffentlicht 25.03.2026 19:41:55
  • Zuletzt bearbeitet 30.06.2026 03:18:38

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords are incorrectly classified as a non-authenticating id...

  • EPSS 0.66%
  • Veröffentlicht 25.03.2026 19:38:44
  • Zuletzt bearbeitet 30.06.2026 03:18:09

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled (not default), then anyone who can connect can crash the...

  • EPSS 0.58%
  • Veröffentlicht 25.03.2026 19:36:36
  • Zuletzt bearbeitet 30.06.2026 03:17:59

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.12.5, a missing sanity check on a WebSockets frame could trigger a server panic in the nats-...

  • EPSS 0.24%
  • Veröffentlicht 24.03.2026 21:16:28
  • Zuletzt bearbeitet 26.03.2026 17:19:15

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasa...

  • EPSS 0.48%
  • Veröffentlicht 24.02.2026 15:59:17
  • Zuletzt bearbeitet 26.02.2026 19:06:26

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. Prior to versions 2.11.2 and 2.12.3, the i...

  • EPSS 0.37%
  • Veröffentlicht 31.10.2023 00:15:09
  • Zuletzt bearbeitet 30.03.2026 14:30:00

NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for sign...

  • EPSS 0.66%
  • Veröffentlicht 30.10.2023 17:15:52
  • Zuletzt bearbeitet 21.11.2024 08:29:44

NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to ha...

  • EPSS 0.99%
  • Veröffentlicht 19.09.2023 02:15:54
  • Zuletzt bearbeitet 21.11.2024 06:57:12

NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account.