x/vulndb: potential Go vuln in github.com/nats-io/nats-server/v2/server: GHSA-m4jx-6526-vvhm

[GoVulnBot]

In GitHub Security Advisory GHSA-m4jx-6526-vvhm, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/nats-io/nats-server/v2/server	2.2.0	< 2.2.0

Cross references:

• CVE-2020-28466 appears in issue x/vulndb: potential Go vuln in github.com/nats-io/nats-server/v2/server: GHSA-m4jx-6526-vvhm #855 NOT_IMPORTABLE
• GHSA-m4jx-6526-vvhm appears in issue x/vulndb: potential Go vuln in github.com/nats-io/nats-server/v2/server: GHSA-m4jx-6526-vvhm #855 NOT_IMPORTABLE

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: TODO
    versions:
      - fixed: 2.2.0
    packages:
      - package: github.com/nats-io/nats-server/v2/server
  - module: TODO
    versions:
      - fixed: 2.2.0
    packages:
      - package: github.com/nats-io/nats-server/server
description: This affects all versions of package github.com/nats-io/nats-server/server.
    Untrusted accounts are able to crash the server using configs that represent a
    service export/import cycles. Disclaimer from the maintainers - Running a NATS
    service which is exposed to untrusted users presents a heightened risk. Any remote
    execution flaw or equivalent seriousness, or denial-of-service by unauthenticated
    users, will lead to prompt releases by the NATS maintainers. Fixes for denial
    of service issues with no threat of remote execution, when limited to account
    holders, are likely to just be committed to the main development branch with no
    special attention. Those who are running such services are encouraged to build
    regularly from git.
cves:
  - CVE-2020-28466
ghsas:
  - GHSA-m4jx-6526-vvhm

[tatianab]

Duplicate of #855