CVE-2024-10920 | mariazevedo88 travels-java-api up to 5.0.1 JWT Secret JwtAuthenticationTokenFilter.java doFilterInternal hard-coded key

A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. Affected by this issue is the function doFilterInternal of the file travels-java-api-mastersrcmainjavaiogithubmariazevedo88travelsjavaapifiltersJwtAuthenticationTokenFilter.java of the component JWT Secret Handler. The manipulation leads to use of hard-coded cryptographic key
.

This vulnerability is handled as CVE-2024-10920. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2024-10920 | mariazevedo88 travels-java-api up to 5.0.1 JWT Secret JwtAuthenticationTokenFilter.java doFilterInternal hard-coded key

Related Posts

CVE-2023-6616 | SourceCodester Simple Student Attendance System 1.0 index.php page cross site scripting

CVE-2023-49254 | Hongdian H8951-4G-ESP prior 2310271149 HTTP POST Request destination os command injection

CVE-2024-42357 | Shopware up to 6.5.8.12/6.6.5.0 API sql injection (GHSA-p6w9-r443-r752)

CVE-2023-49114 | Qognify VMS Client Viewer 7.1 uncontrolled search path