2 matches found
CVE-2025-51606
CVE-2025-51606 affects hippo4j versions 1.0.0 through 1.5.0. The root cause is a hard-coded secret key used during JWT creation, enabling an attacker with access to source code or binaries to forge valid tokens and impersonate any user, including privileged ones like admin. The NVD metrics assign...
hippo4j 安全漏洞
hippo4j is an asynchronous thread pooling framework from opengoofy open source. A security vulnerability exists in hippo4j versions 1.0.0 through 1.5.0, which stems from the use of hard-coded keys in JWT creation, which could lead to the forgery of valid access tokens...