PT-2024-16642 · Unknown · Travels-Java-Api

Susu199 +1 · Published 2024-11-06 · Updated 2024-11-22 · CVE-2024-10920

CVSS v3.1: 3.7 (Low)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

travels-java-api versions up to 5.0.1

Description

A vulnerability classified as problematic was found in travels-java-api. The issue affects the function doFilterInternal of the file travels-java-api-master/src/main/java/io/github/mariazevedo88/travelsjavaapi/filters/JwtAuthenticationTokenFilter.java of the component JWT Secret Handler. This leads to the use of a hard-coded cryptographic key. The attack can be launched remotely; its complexity is rather high and exploitation is difficult. The exploit has been disclosed to the public and may be used.

Recommendations

No specific fixed version is mentioned in the provided information for travels-java-api versions up to 5.0.1. At the moment, there is no information about a newer version that contains a fix for this vulnerability. Consider updating once a version that addresses the use of hard-coded cryptographic keys is available.
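
One way to remove a compiled-in JWT key, shown as an added example that is not the project's code: the HS256 key comes from deployment configuration, and the service refuses to start if it is missing or shorter than 256 bits. The class name, the `JWT_SIGNING_KEY_B64` variable and the sample token are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class JwtKeyDemo {
    // Assumption: the deployment supplies the key, base64-encoded, in this variable.
    static final String KEY_ENV = "JWT_SIGNING_KEY_B64";

    // Fail closed: no default value, and no key shorter than 256 bits for HS256.
    static SecretKeySpec loadKey(String base64Key) {
        if (base64Key == null || base64Key.isBlank())
            throw new IllegalStateException(KEY_ENV + " is not set");
        byte[] raw = Base64.getDecoder().decode(base64Key.trim());
        if (raw.length < 32)
            throw new IllegalStateException("HS256 key must be at least 32 bytes");
        return new SecretKeySpec(raw, "HmacSHA256");
    }

    static byte[] hmac(SecretKeySpec key, String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    // Checks only the signature of a compact JWT (header.payload.signature);
    // a real filter must also pin the "alg" header and validate the claims.
    static boolean signatureValid(SecretKeySpec key, String token) throws Exception {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) return false;
        try {
            byte[] presented = Base64.getUrlDecoder().decode(parts[2]);
            // MessageDigest.isEqual compares in constant time.
            return MessageDigest.isEqual(hmac(key, parts[0] + "." + parts[1]), presented);
        } catch (IllegalArgumentException e) {
            return false; // signature segment is not valid base64url
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a random key stands in for System.getenv(KEY_ENV).
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        SecretKeySpec key = loadKey(Base64.getEncoder().encodeToString(raw));
        String input = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0"; // constructed header.payload
        String sig = Base64.getUrlEncoder().withoutPadding().encodeToString(hmac(key, input));
        System.out.println("valid signature accepted: " + signatureValid(key, input + "." + sig));
        System.out.println("wrong signature accepted: " + signatureValid(key, input + ".AAAA"));
    }
}
```

After moving the key out of source, rotate it: any value that was ever committed remains in the repository history and in published builds.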

Exploit

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2024-10920

Affected Products

Travels-Java-Api