Technology: nats
ID | Title | Description | Category | Technology | Tags |
---|---|---|---|---|---|
CRE-2025-0045; Medium; Impact: 4/10; Mitigation: 4/10 | NATS Authorization Failure Detected | The NATS server has emitted an **Authorization Violation** log entry, meaning a client attempted to connect, publish, subscribe, or perform another operation for which it lacks permission. Intermittent violations often point to misconfiguration or start-up chaos. However, sustained or widespread violations can signal credential expiry or missing secrets. | Authorization Problems | nats | NATS, Security, Authorization, Public |
CRE-2025-0046; Medium; Impact: 4/10; Mitigation: 4/10 | NATS Permissions Violation Detected | The NATS server has emitted a **Permission Violation** log entry, meaning a client attempted to publish or subscribe to a subject for which it lacks permission. | Authorization Problems | nats | NATS, Security, Authorization, Public |
CRE-2025-0049; Low; Impact: 2/10; Mitigation: 8/10 | NATS Payload Size Too Big | The NATS server is configured to publish messages with payloads that may exceed the recommended maximum of 8 MB (the server’s default hard limit is 1 MB but it can be raised to 64 MB). Large messages put disproportionate pressure on broker memory, network buffers, and client back-pressure mechanisms. This warning signals NATS is at risk of degraded throughput, slow consumers, and forced connection closures intended to protect cluster stability. | Message Queue Problems | nats | NATS, Public |
CRE-2025-0082; High; Impact: 0/10; Mitigation: 8/10 | NATS JetStream HA failures: monitor goroutine, consumer stalls and unsynced replicas | Detects high-availability failures in NATS JetStream clusters due to: (1) **Monitor goroutine failure** — after node restarts, Raft group fails to elect a leader; (2) **Consumer deadlock** — using DeliverPolicy=LastPerSubject + AckPolicy=Explicit with low MaxAckPending; (3) **Unsynced replicas** — object store replication appears healthy but data is lost or inconsistent between nodes. These issues lead to invisible data loss, stalled consumers, or stream unavailability. | Message Queue Problems | nats | NATS, JetStream, Raft, Ack Deadlock, Unsynced Replica |
CRE-2025-0095; High; Impact: 9/10; Mitigation: 7/10 | NATS Connection Exhaustion: Maximum Connections Exceeded | Detects NATS server connection exhaustion where the configured maximum connection limit is exceeded, preventing new clients from establishing connections. This represents a critical messaging infrastructure failure that can cause cascading outages across distributed systems. | Message Queue Problems | nats | NATS, Connection Exhaustion, Critical Infrastructure |
CRE-2025-0103; Medium; Impact: 0/10; Mitigation: 0/10 | NATS Connection Failures and Network Partitions | Detects NATS connection failures and network partitions that can impact message delivery and system reliability. | Message Queue Problems | nats | NATS, Connectivity |