A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. Affected by this issue is the function
.
doFilterInternal
of the file travels-java-api-mastersrcmainjavaiogithubmariazevedo88travelsjavaapifiltersJwtAuthenticationTokenFilter.java of the component JWT Secret Handler. The manipulation leads to use of hard-coded cryptographic key.
This vulnerability is handled as CVE-2024-10920. The attack may be launched remotely. Furthermore, there is an exploit available.