There are 2 open security issues in buster.
2 issues left for the package maintainer to handle:
- CVE-2020-26521:
(needs triaging)
The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).
- CVE-2020-26892:
(needs triaging)
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.
You can find information about how to handle these issues in the security team's documentation.