Apache · Apache ShenYu · CVE-2021-37580
**Name of the Vulnerable Software and Affected Versions**
Apache ShenYu versions 2.3.0 through 2.4.0
**Description**
A flaw was found in Apache ShenYu Admin, where the incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication.
**Recommendations**
For versions 2.3.0 and 2.4.0, update to a version that fixes the authentication bypass issue.
As a temporary workaround, consider restricting access to the ShenyuAdminBootstrap component until a patch is available.
Avoid using the JWT authentication mechanism in the affected Apache ShenYu versions until the issue is resolved.