Description
Dromara Sureness before v1.0.8 was discovered to use a hardcoded key.
Remediation
References
https://github.com/dromara/sureness/issues/164
https://github.com/xubowenW/JWTissues/blob/main/sureness%20secure%20issues.md
Related Vulnerabilities
CVE-2016-10547 Vulnerability in maven package org.webjars.npm:nunjucks
CVE-2020-35491 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2022-25927 Vulnerability in maven package org.webjars.npm:ua-parser-js
CVE-2021-37578 Vulnerability in maven package org.apache.juddi:juddi-core