oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2021-37580: Apache ShenYu Admin bypass JWT authentication

From: Liang Liu <midnight2104 () apache org>
Date: Tue, 16 Nov 2021 05:14:11 +0000
Description:

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass 
authentication.  This issue affected Apache ShenYu 2.3.0 and 2.4.0

Credit:

This issue was reported by 伍 雄
Previous By Date Next
Previous By Thread Next

Current thread: