Description
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0
Remediation
References
http://www.openwall.com/lists/oss-security/2021/11/16/1
https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb
Related Vulnerabilities
CVE-2019-1003089 Vulnerability in maven package ren.helloworld:upload-pgyer
CVE-2018-11693 Vulnerability in npm package node-sass
CVE-2020-2216 Vulnerability in maven package org.jenkins-ci.plugins:zephyr-for-jira-test-management
CVE-2021-46708 Vulnerability in maven package org.webjars.npm:swagger-ui-dist
CVE-2019-1003070 Vulnerability in maven package org.jenkins-ci.plugins:veracode-scanner