PT-2024-38749 · Unknown · Demozx Gf Cms

Zihe · Published 2024-08-20 · Updated 2024-08-22 · CVE-2024-8005

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: demozx gf cms versions 1.0 through 1.0.1
Description: A critical issue has been found in the JWT Authentication component, specifically affecting the init function of the file internal/logic/auth/auth.go. The issue involves hard-coded credentials and can be exploited remotely. The exploit for this issue has been publicly disclosed.
Recommendations: For demozx gf cms versions 1.0 through 1.0.1, upgrade to version 1.0.2, which includes the patch be702ada7cb6fdabc02689d90b38139c827458a5, to address this issue. As a temporary workaround, consider restricting access to the init function of the internal/logic/auth/auth.go file until the patch is applied.

Weakness Enumeration: Using Hardcoded Credentials
Related Identifiers: CVE-2024-8005
Affected Products: Demozx Gf Cms