Apache ShenYu JWT身份绕过(CVE-2021-37580)

漏洞描述

ShenYu（原名 Soul）是一款高性能，响应式的网关，同时也是应用于所有微服务场景的，可扩展、高性能、响应式的 API网关解决方案。该框架由于JWT认证的不正确使用，导致Apache ShenYu2.3.0和2.4.0版本存在管理员认证绕过漏洞CVE-2021-37580。使用默认key+admin即可绕过jwt的认证

相关漏洞推荐

CVE-2021-37580: Apache ShenYu Admin JWT authentication bypass POC

2025-09-01 | Apache ShenYu

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an ...
CVE-2022-23944: Apache ShenYu Admin Unauth Access POC

2025-09-01 | Apache ShenYu

Apache ShenYu suffers from an unauthorized access vulnerability where a user can access /plugin api ...
CVE-2021-37580: Apache ShenYu Admin JWT - Authentication Bypass POC

2025-08-01 | Apache ShenYu

Apache ShenYu 2.3.0 and 2.4.0 allow Admin access without proper authentication. The incorrect use of...
ShowDoc /server/index.php?s=/api/adminUpdate/download 文件上传漏洞（CVE-2021-36440）无POC

2025-09-12 | ShowDoc

ShowDoc 2.9.5版本存在一个高危的文件上传漏洞(CVE-2021-36440)，该漏洞源于系统未能对上传文件的类型进行充分验证。攻击者可以绕过安全限制上传任意类型的危险文件，包括但不限于PH...
CVE-2021-1497: Cisco HyperFlex HX Data Platform - Remote Command Execution POC

2025-09-01 | Cisco HyperFlex HX Data Platform

Cisco HyperFlex HX contains multiple vulnerabilities in the web-based management interface that coul...

漏洞描述

PoC代码

相关漏洞推荐

CVE-2021-37580: Apache ShenYu Admin JWT authentication bypass POC

CVE-2022-23944: Apache ShenYu Admin Unauth Access POC

CVE-2021-37580: Apache ShenYu Admin JWT - Authentication Bypass POC

ShowDoc /server/index.php?s=/api/adminUpdate/download 文件上传漏洞（CVE-2021-36440） 无POC

CVE-2021-1497: Cisco HyperFlex HX Data Platform - Remote Command Execution POC

ShowDoc /server/index.php?s=/api/adminUpdate/download 文件上传漏洞（CVE-2021-36440）无POC