CVE-2021-37580

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0
References
Link Resource
https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb Mailing List Vendor Advisory
http://www.openwall.com/lists/oss-security/2021/11/16/1 Mailing List Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:shenyu:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:shenyu:2.4.0:*:*:*:*:*:*:*

Information

Published : 2021-11-16 02:15

Updated : 2021-11-17 12:17


NVD link : CVE-2021-37580

Mitre link : CVE-2021-37580


JSON object : View

CWE
CWE-287

Improper Authentication

Advertisement

dedicated server usa

Products Affected

apache

  • shenyu