CVE-2021-37580

Summary

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache ShenYu AdminApache ShenYu Admin 2.3.0-2.4.0affected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

References