CVE-2021-37580
CRITICALCVSS 9.8/10EPSS 40.06%
Last modified
CVE-2021-37580 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. EPSS estimates a 40.06% chance of exploitation in the next 30 days.
Description
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Shenyu | 2.3.0 |
| Apache | Shenyu | 2.4.0 |
References
- http://www.openwall.com/lists/oss-security/2021/11/16/1Mailing List, Third Party Advisory
- https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgbMailing List, Vendor Advisory
- http://www.openwall.com/lists/oss-security/2021/11/16/1Mailing List, Third Party Advisory
- https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgbMailing List, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-37580?
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0
How severe is CVE-2021-37580?
CVE-2021-37580 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 40.06% probability of exploitation in the next 30 days.
How do I fix CVE-2021-37580?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2021-37580?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST