{"id":"CVE-2020-26149","details":"NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server.","aliases":["GHSA-82rf-q3pr-4f6p"],"modified":"2026-03-01T07:52:09.227100Z","published":"2020-09-30T18:15:27.023Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/09/30/3"},{"type":"ADVISORY","url":"https://github.com/nats-io/nats.deno/compare/v1.0.0-8...v1.0.0-9"},{"type":"ADVISORY","url":"https://github.com/nats-io/nats.ws/commit/0a37ac2a411ff63f0707cda69a268c5fc4079eb7"},{"type":"FIX","url":"https://github.com/nats-io/nats.deno/compare/v1.0.0-8...v1.0.0-9"},{"type":"FIX","url":"https://github.com/nats-io/nats.ws/commit/0a37ac2a411ff63f0707cda69a268c5fc4079eb7"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2020/09/30/3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nats-io/nats.deno","events":[{"introduced":"0"},{"fixed":"e7c566eb9941cd07bfd891a6965bd4e46cbdc8c3"}]}],"versions":["v0.1.0-0","v0.1.1-0","v0.1.1-19","v0.1.1-21","v0.1.1-22","v0.1.1-23","v0.1.1-31","v0.1.1.-18","v1.0.0-1","v1.0.0-2","v1.0.0-3","v1.0.0-4","v1.0.0-5","v1.0.0-6","v1.0.0-7","v1.0.0-8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-26149.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}