Description
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0.
Remediation
References
https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb
http://www.openwall.com/lists/oss-security/2021/11/16/1