← back
CVE-2021-37580

Apache ShenYu Admin bypass JWT authentication

EPSS 40.1%CWE-287
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0
Affected products
Apache Software Foundation · Apache ShenYu Admin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgbhttp://www.openwall.com/lists/oss-security/2021/11/16/1