Auth bypass in Apache Software Foundation Shenyu Admin
CVE-2021-37580
A flaw was found in Apache ShenYu Admin. Incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0.
Vulnerability class: Broken Authentication
EPSS: 0.940 (99.9th percentile)
Affected products
- Apache Software Foundation ShenYu Admin, versions 2.3.0 through 2.4.0
References
- lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb (Apache mailing-list thread)
- [oss-security] 2021-11-16, "CVE-2021-37580: Apache ShenYu Admin bypass JWT authentication" (mailing list)
Frequently asked questions
- What is CVE-2021-37580?
- CVE-2021-37580 is a vulnerability in Apache Software Foundation Shenyu Admin, classified under Improper Authentication. Published 2021-11-16.
- Is CVE-2021-37580 known to be exploited?
- 42 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.