Fix CVE-2020-26160 by updating github.com/dgrijalva/jwt-go
swamvenk opened this issue · 0 comments
swamvenk commented
There is a CVE filed on github.com/dgrijalva/jwt-go. More details about the CVE-2020-26160 can be found on the link
This is can be resolved either by updating github.com/dgrijalva/jwt-go to >v3.2.0 or by using github.com/golang-jwt/jwt instead.
github.com/dgrijalva/jwt-go is no longer maintained and github.com/golang-jwt/jwt is the community maintained fork.