PT-2025-36428 · Datart · Datart

147369.Yjk

Published: 2025-09-08 · Updated: 2025-09-08 · CVE-2025-10080

CVSS v3.1: 3.1
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions:

Datart versions up to 1.0.0-rc3

Description:

Datart uses a hard-coded cryptographic key in the `getTokensecret` function, located in the `datart/security/src/main/java/datart/security/util/AESUtil.java` file of the API component. The issue is remotely exploitable, but attack complexity is high and exploitation is considered difficult. The exploit has been publicly disclosed.

Recommendations:

Versions prior to 1.0.0-rc3: As a temporary workaround, consider restricting access to the `getTokensecret` function until a patch is available.

Related Identifiers:

CVE-2025-10080

Affected Products:

Datart