CVE-2021-37580

Description

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0.

NVD
Severity: CRITICAL
CVE ID: CVE-2021-37580
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2021-37580
rabbitsafe

Reference: GitHub

fengwenhua

PoC for CVE-2021-37580

Reference: GitHub

Osyanina

A vulnerability scanner that detects CVE-2021-37580 vulnerabilities.

Reference: GitHub

ZororoZ

Reference: GitHub

Liang2580

CVE-2021-37580

Reference: GitHub

Wing-song

Apache ShenYu administrator authentication bypass

Reference: GitHub

CN016

Apache ShenYu Admin JWT authentication bypass vulnerability (CVE-2021-37580)

Reference: GitHub