dromara/Sa-Token

Releases42

Frequency1 month 2 weeks

Last Release 3 months ago

Stars18.9K

✨ 开源、免费、一站式 Java 权限认证框架，让鉴权变得简单、优雅！—— 登录认证、权限认证、分布式 Session 会话、微服务网关鉴权、SSO 单点登录、OAuth2.0 统一认证、jwt 集成、API Key 秘钥授权、API 参数签名

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-43961 ↗	Oct 25, 2023Wednesday, 25 October 2023, 18:17	8.8 HIGH	—
An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
CVE-2023-44794 ↗	Oct 25, 2023Wednesday, 25 October 2023, 18:17	9.8 CRITICAL	—
An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL.