Submit #628233: linlinjava litemall ≤ v1.8.0 Hardcoded JWT Secret (CWE-798)

Title: linlinjava litemall ≤ v1.8.0 Hardcoded JWT Secret (CWE-798)
Description: A hardcoded JWT secret vulnerability exists in Litemall versions ≤ 1.8.0. The issue is located in: litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHelper.java. The developers hardcoded the JWT secret directly into the source code, resulting in a predictable and static key for signing JSON Web Tokens (JWTs). This weakness enables attackers to forge valid JWTs, potentially leading to privilege escalation and unauthorized access.
Source: https://github.com/linlinjava/litemall/issues/568
User: ez-lbz (UID 87033)
Submission: 04/08/2025 05:16 PM (11 months ago)
Moderation: 13/08/2025 06:26 PM (9 days later)
Status: Accepted
VulDB Entry: 319970 [linlinjava litemall up to 1.8.0 JSON Web Token JwtHelper.java SECRET weak authentication]
Points: 20