
CVE-2020-26149: Sensitive data exposure in NATS

CVSS Score: 7.5 (CVSS v3.1)

Basic Information

EPSS Score: 0.56185%
Published: 10/8/2020
Updated: 9/11/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
nats | npm | >= 2.0.0-201, <= 2.0.0-206 | 2.0.0-209
nats.ws | npm | >= 1.0.0-85, <= 1.0.0-110 | 1.0.0-111

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from improper handling of connection configuration options during CONNECT message serialization: the client serialized its full 'connection' configuration into the CONNECT message it sends to the server, rather than only the protocol-level fields the server needs. The fix commit in nats.deno (v1.0.0-9) addresses exactly this by filtering the connection options before serialization, and the advisory explicitly mentions the 'connection' configuration being fully serialized. The function that builds the CONNECT message (likely named createConnect in nats_base_client.ts) would be directly responsible for this insecure serialization. Exact function names and paths for the npm packages are not shown in the available data, but the Deno client's fix provides a clear pattern matching the described vulnerability mechanism.
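The serialization pattern described above, as an added illustration that is not code from the nats, nats.ws or nats.deno packages: a CONNECT builder that spreads the whole options object into the message beside one that copies only an allowlist of protocol fields, plus a check a defender can run over outgoing CONNECT lines. The function names, the allowlist, the sensitive-key list and the sample options are constructed for this example.

```javascript
// Constructed illustration of the CVE-2020-26149 mechanism, not project code.
// A NATS client opens a session by sending "CONNECT <json>\r\n". The flaw is
// serializing the entire client-side options object into that JSON.

// Field names follow the publicly documented NATS CONNECT options; the set
// itself is this example's own allowlist.
const CONNECT_ALLOWLIST = new Set([
  "verbose", "pedantic", "tls_required", "name", "lang", "version", "protocol",
  "echo", "headers", "no_responders", "user", "pass", "auth_token", "jwt", "sig", "nkey",
]);

// Vulnerable pattern: every option, including local TLS material, goes on the wire.
function createConnectUnsafe(opts) {
  const payload = { lang: "javascript", version: "0.0.0-example", ...opts };
  return `CONNECT ${JSON.stringify(payload)}\r\n`;
}

// Fixed pattern: copy only the protocol-level fields the server actually needs.
function createConnectSafe(opts) {
  const payload = { lang: "javascript", version: "0.0.0-example" };
  for (const [key, value] of Object.entries(opts)) {
    if (CONNECT_ALLOWLIST.has(key) && value !== undefined) payload[key] = value;
  }
  return `CONNECT ${JSON.stringify(payload)}\r\n`;
}

// Defensive check: parse an outgoing CONNECT line and report top-level keys
// that should never leave the client (TLS keys/certs, raw option bags).
const SENSITIVE_KEYS = ["tls", "key", "cert", "ca", "keyFile", "certFile", "connection"];
function leakedFields(connectLine) {
  const json = connectLine.replace(/^CONNECT\s+/, "").trim();
  const obj = JSON.parse(json);
  return Object.keys(obj).filter((k) => SENSITIVE_KEYS.includes(k));
}

// Constructed sample options; the PEM body is a placeholder, not a real key.
const sampleOpts = {
  name: "orders-service",
  user: "svc",
  pass: "example-password",
  tls: { key: "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----" },
};

console.log("unsafe leaks:", leakedFields(createConnectUnsafe(sampleOpts))); // ["tls"]
console.log("safe leaks:", leakedFields(createConnectSafe(sampleOpts)));     // []
```

Running `leakedFields` over a client's captured CONNECT lines (for example from a debug trace) is a quick way to confirm a patched version no longer emits TLS material.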

Advisory Description

Preview versions of two NPM packages and one Deno package from the NATS project contain an information disclosure flaw, leaking options to the NATS server; for one package, this includes TLS private credentials. The `_connection_` configuration opti