{"id":"CVE-2021-37580","details":"A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0","aliases":["GHSA-vpfp-5gwq-g533"],"modified":"2026-05-28T04:06:54.361215696Z","published":"2021-11-16T10:15:07.220Z","database_specific":{"unresolved_ranges":[{"source":"CPE_STRING","cpes":["cpe:2.3:a:apache:shenyu:2.3.0:*:*:*:*:*:*:*"],"vendor_product":"apache:shenyu","extracted_events":[{"last_affected":"2.3.0"}]}]},"references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2021/11/16/1"},{"type":"ADVISORY","url":"https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/shenyu","events":[{"introduced":"0"},{"last_affected":"e86d41e84ee52cca1d71fb7e5252fd27b9d1edbd"},{"last_affected":"dc841a2720ea0b5a6ca71f1b9c1aa7958d241f16"}],"database_specific":{"cpe":["cpe:2.3:a:apache:shenyu:2.3.0:*:*:*:*:*:*:*","cpe:2.3:a:apache:shenyu:2.4.0:*:*:*:*:*:*:*"],"source":"CPE_STRING","extracted_events":[{"introduced":"0"},{"last_affected":"2.3.0"},{"last_affected":"2.4.0"}]}}],"versions":["v2.4.0","2.3.0","1.0.5","1.0.4","1.0.3","1.0.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-37580.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}