Description

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0

Remediation

References

http://www.openwall.com/lists/oss-security/2021/11/16/1

https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb

Related Vulnerabilities

CVE-2019-10802 Vulnerability in npm package giting

CVE-2021-23358 Vulnerability in maven package org.webjars.bowergithub.jashkenas:underscore

CVE-2022-25863 Vulnerability in npm package gatsby-plugin-mdx

CVE-2020-6451 Vulnerability in npm package electron

CVE-2020-11979 Vulnerability in maven package org.apache.ant:ant

Severity

Critical

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory Vendor Advisory