Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/02/05 14:11:44 UTC

[GitHub] [apisix-dashboard] hongbinhsu opened a new issue #2302: api use dgrijalva / jwt-go have Access Restriction Bypass

hongbinhsu opened a new issue #2302:
URL: https://github.com/apache/apisix-dashboard/issues/2302


   ### Issue description
   
   Access Restriction Bypass
   Affecting [github.com/dgrijalva/jwt-go](https://snyk.io/vuln/golang%3Agithub.com%2Fdgrijalva%2Fjwt-go) package, versions <4.0.0-preview1
   
   PS: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515
   
   dgrijalva/jwt-go: the latest has been switched to golang-jwt/jwt.
   
   It is recommended to use V4, which has higher security.
   
   
   
   ### Expected behavior
   
   go install "github.com/golang-jwt/jwt/v4"
   
   ### How to Reproduce
   
   Look at https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515
   and https://github.com/golang-jwt/jwt
   
   ### Screenshots
   
   _No response_
   
   ### Environment
   
   - apisix version (cmd: `apisix version`):
   - OS (cmd: `uname -a`):
   - OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`):
   - etcd version, if have (cmd: run `etcd --version`):
   - apisix-dashboard version, if have:
   - Browser version, if have:
   
   
   ### Additional context
   
   _No response_


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [apisix-dashboard] zaunist commented on issue #2302: api use dgrijalva / jwt-go have Access Restriction Bypass

Posted by GitBox <gi...@apache.org>.
zaunist commented on issue #2302:
URL: https://github.com/apache/apisix-dashboard/issues/2302#issuecomment-1032648681


   @juzhiyuan We can close this issue after https://github.com/apache/apisix-dashboard/pull/2304 is merged.





[GitHub] [apisix-dashboard] zaunist commented on issue #2302: api use dgrijalva / jwt-go have Access Restriction Bypass

Posted by GitBox <gi...@apache.org>.
zaunist commented on issue #2302:
URL: https://github.com/apache/apisix-dashboard/issues/2302#issuecomment-1030818316


   Thanks for your contribution https://github.com/apache/apisix-dashboard/pull/2304. And we need to pass the CI check before merging to master.





[GitHub] [apisix-dashboard] juzhiyuan closed issue #2302: api use dgrijalva / jwt-go have Access Restriction Bypass

Posted by GitBox <gi...@apache.org>.
juzhiyuan closed issue #2302:
URL: https://github.com/apache/apisix-dashboard/issues/2302


   

