Vulnerability	Vulnerable Version
M Authentication Bypass Affected versions of this package are vulnerable to Authentication Bypass via a crafted payload to the URL. An attacker can escalate privileges by sending a malicious payload. Note Exploiting this vulnerability is possible if using a vulnerable version of this package with SpringBoot version >= 2.3.1.RELEASE or Spring version >= 5.3.0. How to fix Authentication Bypass? Upgrade `cn.dev33:sa-token-core` to version 1.37.0 or higher.	[,1.37.0)
M Improper Authentication Affected versions of this package are vulnerable to Improper Authentication when using Spring dynamic controllers, an attacker can bypass authentication by sending a specially crafted request. How to fix Improper Authentication? Upgrade `cn.dev33:sa-token-core` to version 1.36.0 or higher.	[,1.36.0)

Authentication Bypass

Affected versions of this package are vulnerable to Authentication Bypass via a crafted payload to the URL. An attacker can escalate privileges by sending a malicious payload.

Note

Exploiting this vulnerability is possible if using a vulnerable version of this package with SpringBoot version >= 2.3.1.RELEASE or Spring version >= 5.3.0.

How to fix Authentication Bypass?

Upgrade cn.dev33:sa-token-core to version 1.37.0 or higher.

[,1.37.0)

Improper Authentication

Affected versions of this package are vulnerable to Improper Authentication when using Spring dynamic controllers, an attacker can bypass authentication by sending a specially crafted request.

How to fix Improper Authentication?

Upgrade cn.dev33:sa-token-core to version 1.36.0 or higher.

[,1.36.0)

Go back to all versions of this package