CVE-2021-37580
Description
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0.
NVD
Severity: CRITICAL
CVE ID: CVE-2021-37580
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2021-37580
Reference: Project Discovery GitHub
rabbitsafe
Reference: GitHub
fengwenhua
PoC for CVE-2021-37580
Reference: GitHub
Osyanina
A vulnerability scanner that detects CVE-2021-37580 vulnerabilities.
Reference: GitHub
ZororoZ
Reference: GitHub
Liang2580
CVE-2021-37580
Reference: GitHub
Wing-song
Apache ShenYu admin authentication bypass
Reference: GitHub
CN016
Apache ShenYu Admin JWT authentication bypass vulnerability (CVE-2021-37580)
Reference: GitHub