CVE-2021-27884

Published March 1st, 2021

View on NVD ↗

CVSS v3

5.1

MEDIUM

CVSS v2

3.6

LOW

Affected

PROJECT

Description

Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used.

YMFE/yapi

YApi 是一个可本地部署的、打通前后端及QA的、可视化的接口管理平台

GitHub

27.7K