Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT (JSON Web Token) creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as "admin". The vulnerability poses a critical security risk in systems where authentication and authorization rely on the integrity of JWTs.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
hippo4j 安全漏洞
Vulnerability Description
hippo4j是opengoofy开源的一个异步线程池框架。 hippo4j 1.0.0至1.5.0版本存在安全漏洞,该漏洞源于JWT创建中使用硬编码密钥,可能导致伪造有效访问令牌。
CVSS Information
N/A
Vulnerability Type
N/A