This repository was archived by the owner on May 21, 2022. It is now read-only.
Security Issue - Authorization bypass #489
Description
While merging branches, Github throws me the security alert message shown below.
Severity is 7.5/10.
"jwt-go allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check. There is no patch available and users of jwt-go are advised to migrate to golang-jwt at version 3.2.1"
