CVE-2021-37580

CVSS v3.1 9.8 (Critical)

CVSS v2.0 7.5 (High)

EPSS 87.57 % (99^th)

Affected Products 1

Advisories 1

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0

Weaknesses

CWE-287: Improper Authentication

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2021-11-16 10:15:07
(2 years ago)
Updated Date: 2021-11-17 20:17:30
(2 years ago)

Affected Products

Apache

Shenyu

Configuration #1

		CPE23	From	Up To
	Apache Shenyu 2.3.0	cpe:2.3:a:apache:shenyu:2.3.0
	Apache Shenyu 2.4.0	cpe:2.3:a:apache:shenyu:2.4.0