CVE-2023-31579

Name of the Vulnerable Software and Affected Versions Dromara Lamp-Cloud versions prior to 3.8.1

Description The issue is related to the use of a hardcoded cryptographic key when creating and verifying a Json Web Token. This allows attackers to authenticate to the application via a crafted JWT token.

Recommendations For versions prior to 3.8.1, update to version 3.8.1 or later to resolve the issue. As a temporary workaround, consider restricting access to JWT token creation and verification functions until the update is applied.