CVE-2023-31581

Description

Dromara Sureness before v1.0.8 was discovered to use a hardcoded key.

How to fix CVE-2023-31581

To remediate CVE-2023-31581, upgrade the affected package to a fixed version below.

• Maven/com.usthe.sureness:sureness-core—upgrade to 1.0.8 or later

Is CVE-2023-31581 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.0.8

CVSS scores

References (5)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-31581
• PATCHgithub.com/dromara/sureness
• WEBgithub.com/dromara/sureness/commit/12987a72cbf1eabbca1e308ed1fe9445958aeca7
• WEBgithub.com/dromara/sureness/issues/164