Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token.
CPE | Name | Operator | Version |
---|---|---|---|
top.tangyh.basic:lamp-util | lt | 3.8.1 | |
top.tangyh.basic:lamp-core | lt | 3.8.1 |