Description
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0
Remediation
References
http://www.openwall.com/lists/oss-security/2021/11/16/1
https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb
Related Vulnerabilities
CVE-2022-47551 Vulnerability in maven package io.apiman:apiman-manager-api-rest-impl
CVE-2021-23353 Vulnerability in npm package jspdf
CVE-2018-16472 Vulnerability in maven package org.webjars.npm:cached-path-relative
CVE-2020-26939 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on
CVE-2022-46751 Vulnerability in maven package org.apache.ivy:ivy