2 matches found
CVE-2023-44794
CVE-2023-44794 affects Dromara SaToken 1.36.0 and earlier. A remote attacker can escalate privileges by sending a crafted payload to the vulnerable URL, as described across multiple advisories (NVD, OSV, GHSA, IBM bulletin). The core impact stated is privilege escalation with high severity (CVSS ...
CVE-2023-43961
CVE-2023-43961 affects Dromara SaToken up to version 1.3.50RC (and earlier) when used with Spring dynamic controllers, enabling an authentication bypass via a specially crafted request. The issue is corroborated by multiple connected advisories (Red Hat, GHSA, OSV, NVD) describing an authenticati...