CVE-2021-37580 Vulnerability in maven package org.apache.shenyu:shenyu-admin

Description

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0

Remediation

References

http://www.openwall.com/lists/oss-security/2021/11/16/1

https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb

Related Vulnerabilities

CVE-2021-23342 Vulnerability in npm package docsify

CVE-2019-10453 Vulnerability in maven package org.jenkins-ci.plugins:delphix

CVE-2023-47324 Vulnerability in maven package org.silverpeas.core:silverpeas-core-war

CVE-2020-14062 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2022-27820 Vulnerability in maven package org.zaproxy:zap

Severity

Critical

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H