Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 39 additions & 0 deletions benchmark/data/tasks/ecvebench-jwt-001.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
{
"task_id": "ecvebench-jwt-001",
"ghsa_id": "GHSA-h2fg-54x9-5qhq",
"codebase": {
"repo": "https://github.com/nats-io/jwt",
"language": "go",
"ecosystem": "go",
"commit": "8527407e521556b9f0253318912cc03fd84a5bbd"
},
"hints": {
"L0": null,
"L1": {
"area": "Account-level permission and access control claim processing"
},
"L2": {
"description": "A nil pointer dereference vulnerability exists in JWT claim validation. When processing a maliciously crafted JWT containing null entries in its claim data structures, the validation routine attempts to dereference nil pointers without proper nil checks, causing a panic and process crash. An attacker who can issue tokens within the NATS account system can trigger a denial of service on dependent servers."
},
"L3": {
"area": "Import and export permission claim validation within the JWT library",
"description": "A nil pointer dereference vulnerability exists in the validation routines for import and export permission claims. When a maliciously crafted user JWT contains null import or export entries, the validation code iterates over and dereferences these nil entries without checking, causing a panic. An untrusted Account operator within the NATS system can craft such tokens to cause denial of service on the NATS server."
}
},
"ground_truth": {
"vulnerable": true,
"vuln_class": "null-deref",
"cvss": 7.5,
"reason": "The Validate methods on Export, Exports, Import, and Imports types lack nil receiver and nil element checks. A maliciously crafted JWT with null import or export entries causes nil pointer dereference during validation, leading to panic and denial of service.",
"locations": [
{
"file": "exports.go",
"function": "Validate"
},
{
"file": "imports.go",
"function": "Validate"
}
]
}
}
8 changes: 8 additions & 0 deletions benchmark/internal/metadata/GHSA-h2fg-54x9-5qhq.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
{
"ghsa_id": "GHSA-h2fg-54x9-5qhq",
"post_patch_commit": "e74ae88d2a8af9fd032d46b44b09345a044fe826",
"noisy_patch": false,
"curation_notes": "Patch commit e74ae88 from PR nats-io/jwt#107 adds nil checks to four Validate methods across two files: exports.go (Export.Validate and Exports.Validate) and imports.go (Import.Validate and Imports.Validate). The vulnerability allows a malicious Account to craft a User JWT with nil import/export entries that cause nil pointer dereference and panic during validation. Locations derived directly from the patch diff. No sibling files contain the same vulnerability pattern — exports.go and imports.go are the only files implementing these specific validation routines. Pre-assigned class null-deref (CWE-476) is correct.",
"dataset_version": "0.1.0",
"snapshot_date": "2026-04-26"
}