CVE-2020-28466

Name of the Vulnerable Software and Affected Versions: github.com/nats-io/nats-server/server versions prior to a fixed version

Description: The issue is related to an uncontrolled resource consumption in the NATS messaging system server. This can be exploited by a remote attacker to cause a denial of service. Untrusted accounts can crash the server using configurations that represent service export/import cycles. Running a NATS service exposed to untrusted users presents a heightened risk. The maintainers of the NATS server encourage those running such services to build regularly from git to minimize risks.

Recommendations: As a temporary workaround, consider restricting access to untrusted accounts until a patch is available. For all versions of github.com/nats-io/nats-server/server, build regularly from git to obtain the latest fixes and minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.