PT-2024-38924 · Unknown · Kitsada8621 Digital Library Management System

Zihe · Published 2024-08-29 · Updated 2024-09-02 · CVE-2024-8297

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: kitsada8621 Digital Library Management System version 1.0
Description: A vulnerability was found in the kitsada8621 Digital Library Management System. It has been classified as problematic and affects the function JwtRefreshAuth in the file middleware/jwt refresh token middleware.go. Manipulation of the Authorization argument leads to improper output neutralization for logs (log injection), and the attack can be launched remotely.
Recommendations: To fix this issue, apply the patch 81b3336b4c9240f0bf50c13cb8375cf860d945f1 to the kitsada8621 Digital Library Management System version 1.0. As a temporary workaround, consider disabling the JwtRefreshAuth function until the patch is applied. Restrict access to the middleware/jwt refresh token middleware.go file to minimize the risk of exploitation. Avoid using the Authorization argument in the affected API endpoint until the issue is resolved.
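The weakness class described above, as an added Go illustration rather than the project's own code (which this page does not reproduce): a log line built by verbatim concatenation of the Authorization header beside a neutralized form, plus the check a test or log pipeline can apply. The JwtRefreshAuth stand-in, the log message text and the sample header value are assumptions.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"strings"
)

// sampleAuthHeader is a constructed Authorization value carrying CR/LF, the
// way a client-controlled header breaks out of its own log entry.
const sampleAuthHeader = "Bearer abc.def.ghi\r\nforged-entry: refresh ok"

// unsafeRefreshLogLine shows the weakness class (CWE-117, improper output
// neutralization for logs): the header is concatenated verbatim, so a CR/LF
// inside it starts a second, attacker-chosen log line. Illustration only.
func unsafeRefreshLogLine(authHeader string) string {
	return "jwt refresh: authorization=" + authHeader
}

// safeRefreshLogLine neutralizes the value first: %q renders it as a Go
// string literal, escaping CR, LF and every other non-printable rune, so one
// request always produces exactly one log line.
func safeRefreshLogLine(authHeader string) string {
	return fmt.Sprintf("jwt refresh: authorization=%q", authHeader)
}

// containsLineBreak is the check a unit test or a log-pipeline rule can apply
// to an entry before it is written.
func containsLineBreak(entry string) bool {
	return strings.ContainsAny(entry, "\r\n")
}

// JwtRefreshAuth is a hypothetical stand-in for the affected middleware that
// shows where the hardened log line belongs; token validation is omitted.
func JwtRefreshAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		log.Println(safeRefreshLogLine(r.Header.Get("Authorization")))
		next.ServeHTTP(w, r)
	})
}

func main() {
	fmt.Println(unsafeRefreshLogLine(sampleAuthHeader)) // two lines in the output
	fmt.Println(safeRefreshLogLine(sampleAuthHeader))   // one line, CR/LF escaped
}
```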

Fix

Weakness Enumeration: Improper Encoding or Escaping of Output

Related Identifiers: CVE-2024-8297

Affected Products: Kitsada8621 Digital Library Management System