Skip to content

CVE-2020-26160 vulnerability #1386

New issue
New issue
Closed
#1433
Closed
CVE-2020-26160 vulnerability#1386
#1433
@ekj1711

Description

@ekj1711
ekj1711
opened on May 3, 2021

Is your feature request related to a problem? Please describe.
Viper has dgrijalva/jwt-go (actually v 3.2.0) as a dependency. This library has a known vulnerability CVE-2020-26160.
dgrijalva/jwt-go seem to have a fix for this issue in version release-4.0.0 but it's been abandoned since January 2020.

This issue intends to ensure that go.sum does not have any entries on github.com/dgrijalva/jwt-go once spf13/viper#1115 is merged

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions