CVE-2021-37580 Vulnerability in maven package org.apache.shenyu:shenyu-admin

Description

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0

Remediation

References

http://www.openwall.com/lists/oss-security/2021/11/16/1

https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb

Related Vulnerabilities

CVE-2022-41250 Vulnerability in maven package com.meowlomo.jenkins:scm-httpclient

CVE-2020-28246 Vulnerability in maven package org.webjars.npm:formio

CVE-2023-37895 Vulnerability in maven package org.apache.jackrabbit:jackrabbit-standalone

CVE-2019-19771 Vulnerability in npm package signqle

CVE-2022-24881 Vulnerability in maven package com.hccake:ballcat-codegen

Severity

Critical

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H