CVE-2021-37580
Apache ShenYu Admin bypass JWT authentication
Vexday Risk Score
30Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS —EPSS 40.1%KEV nãoPoC —Nuclei simMetasploit —Patch —
Lifecycle
16 Nov 2021Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0
Affected products
Apache Software Foundation · Apache ShenYu AdminWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →