CVE-2021-37580

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-37580

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-37580.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-37580

Aliases

GHSA-vpfp-5gwq-g533

Published

2021-11-16T10:15:07.220Z

Modified

2025-11-14T12:07:27.878136Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0

References

Affected packages

Git / github.com/apache/incubator-shenyu

Affected ranges

Type: GIT
Repo: https://github.com/apache/incubator-shenyu
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

dc841a2720ea0b5a6ca71f1b9c1aa7958d241f16

Last affected

e86d41e84ee52cca1d71fb7e5252fd27b9d1edbd

Affected versions

1.*

1.0.2

1.0.3

1.0.4

1.0.5

2.*

2.3.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-37580.json"