Potential security issue: CVE-2020-26160

Open avoinov-k opened this issue 2 years ago • 1 comments

Is this a BUG REPORT or FEATURE REQUEST?: BUG REPORT

What happened: openstorage uses an unmaintained package: github.com/dgrijalva/jwt-go. There is a security vulnerability found in this library: https://nvd.nist.gov/vuln/detail/CVE-2020-26160

The recommended way to proceed is to upgrade github.com/dgrijalva/jwt-go to its maintained fork: github.com/golang-jwt/jwt which is a drop-in replacement with this issue already fixed.

avoinov-k, Jul 28 '21 15:07

Thank you, we will be updating it to the new jwt v4.0 from github.com/golang-jwt/jwt/v4

lpabon, Jun 28 '22 03:06
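
One way to locate the imports that the migration discussed in this thread would touch, as an added example that is not openstorage code and not part of the original issue. `FindLegacyJWTImports`, `Finding` and the sample file are hypothetical, and the suggested paths are a plain prefix swap to the `github.com/golang-jwt/jwt/v4` path named in the reply.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"strconv"
	"strings"
)

const (
	legacyPath = "github.com/dgrijalva/jwt-go"  // module named in the issue
	forkPath   = "github.com/golang-jwt/jwt/v4" // fork and version named in the reply
)

// Finding is one import of the legacy module plus the fork path to review.
type Finding struct {
	Line              int
	Import, Suggested string
}

// FindLegacyJWTImports parses only the import section of a Go file (hypothetical helper).
func FindLegacyJWTImports(filename, src string) ([]Finding, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, filename, src, parser.ImportsOnly)
	if err != nil {
		return nil, err
	}
	var out []Finding
	for _, spec := range file.Imports {
		path, _ := strconv.Unquote(spec.Path.Value) // literal already validated by the parser
		// Exact module or a subpackage; a look-alike such as "jwt-go-extras" is skipped.
		if path != legacyPath && !strings.HasPrefix(path, legacyPath+"/") {
			continue
		}
		// Plain prefix swap: an assumption to confirm against the fork's package layout.
		out = append(out, Finding{fset.Position(spec.Pos()).Line, path,
			forkPath + strings.TrimPrefix(path, legacyPath)})
	}
	return out, nil
}

// sampleSrc is a constructed file, not taken from openstorage.
const sampleSrc = "package auth\n\nimport (\n\t\"fmt\"\n\tjwt \"github.com/dgrijalva/jwt-go\"\n" +
	"\t\"github.com/dgrijalva/jwt-go/request\"\n\t\"github.com/dgrijalva/jwt-go-extras\"\n)\n"

func main() {
	fmt.Println(FindLegacyJWTImports("auth.go", sampleSrc))
}
```

Running the helper over every `.go` file in a tree, vendored code included, shows which packages still compile against the legacy module before `go.mod` is changed.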