Vulnerability Report: GO-2025-3600
- CVE-2025-30215, GHSA-fhg8-qxh5-7q3w
- Affects: github.com/nats-io/nats-server/v2
- Published: Apr 22, 2025
Missing
For detailed information about this vulnerability, visit https://github.com/nats-io/nats-server/security/advisories/GHSA-fhg8-qxh5-7q3w.
Affected Packages
-
PathGo VersionsSymbols
-
from v2.2.0 before v2.10.27, from v2.11.0 before v2.11.1
75 affected symbols
- Account.AddServiceImport
- Account.AddServiceImportWithClaim
- Account.DisableJetStream
- Account.EnableJetStream
- Account.RestoreStream
- Account.TrackServiceExport
- Account.TrackServiceExportWithSampling
- Account.UnTrackServiceExport
- CacheDirAccResolver.Reload
- CacheDirAccResolver.Start
- ConfigureOptions
- DirAccResolver.Fetch
- DirAccResolver.Reload
- DirAccResolver.Start
- DirAccResolver.Store
- DirJWTStore.Merge
- DirJWTStore.Pack
- DirJWTStore.PackWalk
- DirJWTStore.Reload
- DirJWTStore.SaveAcc
- DirJWTStore.SaveAct
- New
- NewCacheDirAccResolver
- NewDirAccResolver
- NewExpiringDirJWTStore
- NewServer
- Options.ProcessConfigFile
- ProcessConfigFile
- Run
- Server.AcceptLoop
- Server.AccountStatz
- Server.Accountz
- Server.ActivePeers
- Server.Connz
- Server.DisableJetStream
- Server.DisconnectClientByID
- Server.EnableJetStream
- Server.Gatewayz
- Server.HandleAccountStatz
- Server.HandleAccountz
- Server.HandleConnz
- Server.HandleGatewayz
- Server.HandleHealthz
- Server.HandleIPQueuesz
- Server.HandleSubsz
- Server.HandleVarz
- Server.InProcessConn
- Server.Ipqueuesz
- Server.JetStreamEnabledForDomain
- Server.JetStreamIsStreamAssigned
- Server.JetStreamIsStreamCurrent
- Server.JetStreamSnapshotMeta
- Server.JetStreamSnapshotStream
- Server.JetStreamStepdownConsumer
- Server.JetStreamStepdownStream
- Server.LameDuckShutdown
- Server.LookupAccount
- Server.LookupOrRegisterAccount
- Server.NumLoadedAccounts
- Server.NumSubscriptions
- Server.RegisterAccount
- Server.Reload
- Server.ReloadOptions
- Server.SetDefaultSystemAccount
- Server.SetSystemAccount
- Server.Shutdown
- Server.Start
- Server.StartHTTPMonitoring
- Server.StartHTTPSMonitoring
- Server.StartMonitoring
- Server.StartProfiler
- Server.StartRouting
- Server.Subsz
- Server.UpdateAccountClaims
- Server.Varz
Aliases
References
- https://github.com/nats-io/nats-server/security/advisories/GHSA-fhg8-qxh5-7q3w
- https://advisories.nats.io/CVE/secnote-2025-01.txt
- https://github.com/nats-io/nats-server/commit/3e7e4645a24e829a36b4210f2d7c34dea7f7a424
- https://vuln.go.dev/ID/GO-2025-3600.json
Credits
- Thomas Morgan
Feedback
See anything missing or incorrect?
Suggest an edit to this report.