CVE-2023-44794
First published: Wed Oct 25 2023(Updated: )
An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/cn.dev33:sa-token-core | <1.37.0 | 1.37.0 |
| Dromara Sa-token | <1.37.0 | |
| Vmware Spring Boot | >=2.3.1 | |
| VMware Spring Framework | >=5.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue in Dromara SaToken?
The vulnerability ID for this issue in Dromara SaToken is CVE-2023-44794.
What is the severity of CVE-2023-44794?
CVE-2023-44794 has a severity level of 9.8 (Critical).
How does the vulnerability in Dromara SaToken allow privilege escalation?
The vulnerability in Dromara SaToken allows a remote attacker to escalate privileges via a crafted payload to the URL.
Which version of Dromara SaToken is affected by this vulnerability?
Dromara SaToken version 1.36.0 and versions prior to 1.37.0 are affected by this vulnerability.
How can I remediate the vulnerability in Dromara SaToken?
To remediate the vulnerability in Dromara SaToken, update to version 1.37.0 or later.
- collector/mitre-cve
- collector/github-advisory-latest
- alias/GHSA-54f6-9mx9-86f7
- alias/CVE-2023-44794
- collector/nvd-api
- collector/nvd-cve
- collector/github-advisory
- package-manager/maven
- vendor/dromara
- product/sa-token
- canonical/dromara sa-token
- vendor/vmware
- product/spring boot
- canonical/vmware spring boot
- product/spring framework
- canonical/vmware spring framework