Description
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0
Remediation
References
http://www.openwall.com/lists/oss-security/2021/11/16/1
https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb
Related Vulnerabilities
CVE-2020-2207 Vulnerability in maven package org.jenkins-ci.plugins:vncviewer
CVE-2019-10285 Vulnerability in maven package org.jenkins-ci.plugins:minio-storage
CVE-2022-35915 Vulnerability in npm package @openzeppelin/contracts-upgradeable
CVE-2021-32623 Vulnerability in maven package org.opencastproject:opencast-kernel
CVE-2020-26296 Vulnerability in maven package org.webjars.bower:vega