[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: golang-github-dgrijalva-jwt-go / CVE-2020-26160

Hi Brian,

On Tue, Dec 01, 2020 at 09:01:37AM +1100, Brian May wrote:
> I note this package - golang-github-dgrijalva-jwt-go - has been marked
> as vulnerable to CVE-2020-26160 in both Debian stretch and buster.
> https://security-tracker.debian.org/tracker/CVE-2020-26160
> But I can't find any code in these versions that even mentions the
> aud/audience fields.
> So I plan to mark these versions as not vulnerable.

Were you able to track down in which version the vulnerability was


Reply to: