CVE-2021-37580

CVE-2021-37580: Apache ShenYu Admin bypass JWT authentication

Vendor Apache Software Foundation

Product Apache ShenYu Admin

Weakness CWE-287 · Improper authentication

Published November 16, 2021

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0

Key dates

Disclosure timeline

November 16, 2021 CVE published

August 4, 2024 Record updated