CVE-2021-37580
CRITICAL 9.8 | EPSS 94.0%
Improper Authentication in Apache ShenYu Admin
Published: 11/17/2021 | Modified: 2/16/2024
Description
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0.
Affected packages (1)
- Maven/org.apache.shenyu:shenyu-admin: >= 2.3.0, < 2.4.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (6)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2021-37580
- PATCH: https://github.com/apache/shenyu
- WEB: https://github.com/apache/shenyu/commit/f78adb26926ba53b4ec5c21f2cf7e931461d601d
- WEB: https://github.com/apache/shenyu/releases/tag/v2.4.1
- WEB: https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb
- WEB: http://www.openwall.com/lists/oss-security/2021/11/16/1