CRITICAL 9.6 CVE-2025-30215 NATS-Server Fails to Authorize Certain Jetstream Admin APIs
>= 2.2.0, < 2.11.1
HIGH 8.8 CVE-2022-24450 Incorrect Authorization in NATS nats-server in github.com/nats-io/nats-server
>= 2.0.0, < 2.7.2
from 0, < 2.11.15, >= 2.12.0, < 2.12.6
HIGH 7.5 NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead
>= 2.2.0, < 2.11.14, >= 2.12.0, < 2.12.5
HIGH 7.5 NATS has pre-auth server panic via leafnode handling
from 0, < 2.11.15, >= 2.12.0, < 2.12.6
HIGH 7.5 NATS Server panic via malicious compression on leafnode port
from 0, < 2.11.14, >= 2.12.0, < 2.12.5
HIGH 7.5 xkeys Seal encryption used fixed key for all encryption
>= 2.10.0, < 2.10.4
HIGH 7.5 Denial of Service (DoS)
>= 2.0.0, < 2.2.0
HIGH 7.5 Import token permissions checking not enforced in github.com/nats-io/jwt
>= 2.0.0, < 2.2.0
HIGH 7.4 NATS credentials are exposed in monitoring port via command-line argv
from 0, < 2.11.15, >= 2.12.0, < 2.12.6
HIGH 7.1 NATS allows MQTT clients to bypass ACL checks
from 0, < 2.11.15, >= 2.12.0, < 2.12.6
MEDIUM 6.5 NATS is vulnerable to MQTT hijacking via Client ID
from 0, < 2.11.15, >= 2.12.0, < 2.12.6
MEDIUM 6.5 Arbitrary file write in nats-server in github.com/nats-io/nats-server
>= 2.2.0, < 2.7.4
MEDIUM 6.4 NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers
from 0, < 2.11.15, >= 2.12.0, < 2.12.6
MEDIUM 6.4 NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing
from 0, < 2.11.15, >= 2.12.0, < 2.12.6
MEDIUM 5.9 nats-server websockets are vulnerable to pre-auth memory DoS
from 0, < 2.11.12, >= 2.12.0, < 2.12.3
MEDIUM 5.3 NATS is vulnerable to pre-auth DoS through WebSockets client service
from 0, < 2.11.15, >= 2.12.0, < 2.12.6
MEDIUM 4.9 NATS JetStream has an authorization bypass through its Management API
from 0, < 2.11.15, >= 2.12.0, < 2.12.6
MEDIUM 4.3 NATS: Message tracing can be redirected to arbitrary subject
>= 2.11.0, < 2.11.15, >= 2.12.0, < 2.12.6
MEDIUM 4.2 NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching
from 0, < 2.11.15, >= 2.12.0, < 2.12.6