← voltar
CVE-2021-37580

Apache ShenYu Admin bypass JWT authentication

EPSS 40.1%CWE-287
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0
Produtos afetados
Apache Software Foundation · Apache ShenYu Admin

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgbhttp://www.openwall.com/lists/oss-security/2021/11/16/1