漏洞描述
ShenYu(原名 Soul)是一款高性能,响应式的网关,同时也是应用于所有微服务场景的,可扩展、高性能、响应式的 API网关解决方案。由于ShenyuAdminBootstrap中JWT的错误使用,导致攻击者可以绕过身份验证,直接进入目标系统后台。
Apache ShenYu未授权访问漏洞
PoC代码
暂无相关漏洞推荐
-
CVE-2021-37580: Apache ShenYu Admin JWT authentication bypass POC
2025-09-01 | Apache ShenYuA flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an ... -
CVE-2022-23944: Apache ShenYu Admin Unauth Access POC
2025-09-01 | Apache ShenYuApache ShenYu suffers from an unauthorized access vulnerability where a user can access /plugin api ... -
CVE-2021-37580: Apache ShenYu Admin JWT - Authentication Bypass POC
2025-08-01 | Apache ShenYuApache ShenYu 2.3.0 and 2.4.0 allow Admin access without proper authentication. The incorrect use of... -
SourceCodester Pet Grooming Management Software SQL注入漏洞 无POC
2025-09-22 00:22:31 | SourceCodester Pet Grooming Management SoftwareSourceCodester Pet Grooming Management Software是SourceCodester开源的一个宠物美容管理系统。 SourceCodester Pet Groo... -
D-Link DIR-645 命令注入漏洞 无POC
2025-09-22 00:22:31 | D-Link DIR-645D-Link DIR-645是中国友讯(D-Link)公司的一款无线路由器。 D-Link DIR-645 105B01版本存在命令注入漏洞,该漏洞源于对文件/soap.cgi中参数service的错...