Description
Dromara Sureness before v1.0.8 was discovered to use a hardcoded key.
Remediation
References
https://github.com/dromara/sureness/issues/164
https://github.com/xubowenW/JWTissues/blob/main/sureness%20secure%20issues.md
Related Vulnerabilities
CVE-2022-24947 Vulnerability in maven package org.apache.jspwiki:jspwiki-main
CVE-2019-17570 Vulnerability in maven package org.apache.xmlrpc:xmlrpc-client
CVE-2020-8203 Vulnerability in maven package org.webjars.npm:lodash
CVE-2021-23430 Vulnerability in npm package startserver
CVE-2023-31719 Vulnerability in npm package @frangoteam/fuxa