Xubowenwo

**Name of the Vulnerable Software and Affected Versions** Dromara Lamp-Cloud versions prior to 3.8.1 **Description** The issue is related to the use of a hardcoded cryptographic key when creating and verifying a Json Web Token. This allows attackers to authenticate to the application via a crafted JWT token. **Recommendations** For versions prior to 3.8.1, update to version 3.8.1 or later to resolve the issue. As a temporary workaround, consider restricting access to JWT token creation and verification functions until the update is applied.