Description
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0
Remediation
References
http://www.openwall.com/lists/oss-security/2021/11/16/1
https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb
Related Vulnerabilities
CVE-2021-23342 Vulnerability in npm package docsify
CVE-2019-10453 Vulnerability in maven package org.jenkins-ci.plugins:delphix
CVE-2023-47324 Vulnerability in maven package org.silverpeas.core:silverpeas-core-war
CVE-2020-14062 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2022-27820 Vulnerability in maven package org.zaproxy:zap