API Security Blog

GO-2022-0386

Import tokens valid for one account may be used for any other account.

Validation of Import token bindings incorrectly warns on mismatches,
rather than rejecting the token. This permits a token for one account
to be used for any other account.
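
The warn-versus-reject failure described above, as an added example that is not code from the affected library: the types, the `BoundAccount` field and the `strict` switch are hypothetical, and the account names are constructed sample values.

```go
package main

import "fmt"

// Hypothetical, simplified model; these types are not the affected library's API.
type ActivationToken struct {
	BoundAccount string // account the token was issued to (assumed binding)
}

type Import struct {
	Name  string
	Token ActivationToken
}

// Issue is one validation finding. Blocking=false means "warning only".
type Issue struct {
	Msg      string
	Blocking bool
}

// validateImport checks the token binding against the importing account.
// strict=false models the flaw: a mismatch is recorded as a warning.
// strict=true models the fix: a mismatch is a blocking error.
func validateImport(imp Import, importer string, strict bool) []Issue {
	var issues []Issue
	if imp.Token.BoundAccount != importer {
		msg := fmt.Sprintf("import %q: token bound to %s, presented by %s",
			imp.Name, imp.Token.BoundAccount, importer)
		issues = append(issues, Issue{Msg: msg, Blocking: strict})
	}
	return issues
}

// accepted mirrors a caller that refuses an import only on blocking issues,
// which is why a warning-level mismatch lets the token through.
func accepted(issues []Issue) bool {
	for _, i := range issues {
		if i.Blocking {
			return false
		}
	}
	return true
}

func main() {
	// Constructed sample: token issued to ACCT_B, presented by ACCT_C.
	imp := Import{Name: "orders", Token: ActivationToken{BoundAccount: "ACCT_B"}}
	fmt.Println("warn-only accepts:", accepted(validateImport(imp, "ACCT_C", false)))
	fmt.Println("strict accepts:   ", accepted(validateImport(imp, "ACCT_C", true)))
}
```

When auditing callers of a validator like this, check whether they gate on blocking findings only; any binding mismatch must be in that set.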

For further details and mitigation procedures, see
https://advisories.nats.io/CVE/CVE-2021-3127.txt
