Description
Dromara Sureness before v1.0.8 was discovered to use a hardcoded key.
Remediation
References
https://github.com/dromara/sureness/issues/164
https://github.com/xubowenW/JWTissues/blob/main/sureness%20secure%20issues.md
Related Vulnerabilities
CVE-2023-36472 Vulnerability in npm package @strapi/plugin-content-manager
CVE-2021-21341 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2021-22135 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2020-13445 Vulnerability in maven package com.liferay:com.liferay.portal.template.freemarker