Vulnerability Monitor

Type: Primary NVD-CWE-noinfo
Type: Secondary CWE-284

The vendors, products, and vulnerabilities you care about

CVE-2023-44794

An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL.

2023-10-25T18:17:32.863

2024-11-21T08:26:02.347

Modified

CVSSv3.1: 9.8 (CRITICAL)

Type	Vendor	Product	Version/Range	Vulnerable?
Application	dromara	sa-token	< 1.37.0	Yes
Application	vmware	spring_boot	≥ 2.3.1	No
Application	vmware	spring_framework	≥ 5.3.0	No

https://github.com/dromara/Sa-Token/issues/515 Exploit, Issue Tracking, Vendor Advisory ([email protected])
https://github.com/dromara/Sa-Token/issues/515 Exploit, Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)