Description
Dromara Sureness before v1.0.8 was discovered to use a hardcoded key.
Remediation
References
https://github.com/dromara/sureness/issues/164
https://github.com/xubowenW/JWTissues/blob/main/sureness%20secure%20issues.md
Related Vulnerabilities
CVE-2022-0086 Vulnerability in npm package uppy
CVE-2023-26486 Vulnerability in npm package vega
CVE-2022-24615 Vulnerability in maven package net.lingala.zip4j:zip4j
CVE-2022-24759 Vulnerability in npm package @chainsafe/libp2p-noise
CVE-2021-21353 Vulnerability in maven package org.webjars.npm:pug-code-gen