Description
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0
Remediation
References
http://www.openwall.com/lists/oss-security/2021/11/16/1
https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb
Related Vulnerabilities
CVE-2022-35915 Vulnerability in npm package openzeppelin-eth
CVE-2019-16775 Vulnerability in maven package org.webjars.bower:npm
CVE-2022-29237 Vulnerability in maven package org.opencastproject:opencast-ingest-service-impl
CVE-2022-25860 Vulnerability in npm package simple-git
CVE-2022-21700 Vulnerability in maven package io.micronaut:micronaut-http