Description
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0
Remediation
References
http://www.openwall.com/lists/oss-security/2021/11/16/1
https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb
Related Vulnerabilities
CVE-2023-32200 Vulnerability in maven package org.apache.jena:jena
CVE-2021-39148 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2022-39386 Vulnerability in npm package @fastify/websocket
CVE-2021-32696 Vulnerability in npm package striptags
CVE-2020-28480 Vulnerability in maven package org.webjars.bower:jointjs