CVE-2021-37580 PoC — Apache ShenYu Authorization Issue Vulnerability

Associated Vulnerability
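Title: Apache ShenYu Authorization Issue Vulnerability (CVE-2021-37580)
Description: Apache ShenYu is an asynchronous, high-performance, cross-language, reactive API gateway from the Apache Software Foundation (US). Apache ShenYu Admin has an authorization issue vulnerability: incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication.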
Description
A vulnerability scanner that detects CVE-2021-37580 vulnerabilities.
Readme
# westone-CVE-2021-37580-scanner  
Apache ShenYu is an extensible, high-performance, responsive API gateway solution for all microservice scenarios.  
An authentication bypass vulnerability exists in Apache ShenYu Admin. Improper use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication and directly access the admin backend of the system.  
# Installation & Usage  
```
git clone https://github.com/Osyanina/westone-CVE-2021-37580-scanner.git
cd westone-CVE-2021-37580-scanner
cmd CVE-2021-37580.exe
```
# Repair suggestions  
Apache ShenYu 2.3.0   
Apache ShenYu 2.4.0 
File Snapshot

[4.0K] /data/pocs/fedff2a37e61ede41dcd2aa29be13cf35270832e
└── [ 643] README.md

0 directories, 1 file