-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability centers on JWT validation flaws enabling privilege escalation. Key functions were identified by: 1) Core token validation entry points (Token.validate), 2) Spring Security integration points (XsuaaJwtDecoder.decode), and 3) Servlet authentication handlers (XsuaaTokenAuthenticator.authenticate). The high confidence for Token.validate stems from its direct role in signature verification as described in advisories. Other functions are medium confidence based on architectural position and CWE mappings, though exact patch changes aren't visible.
JavaJava| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.sap.cloud.security:java-security | maven | < 2.17.0 | 2.17.0 |
| com.sap.cloud.security:java-security | maven | >= 3.0.0, < 3.3.0 | 3.3.0 |
| com.sap.cloud.security.xsuaa:spring-xsuaa |
| maven |
| < 2.17.0 |
| 2.17.0 |
| com.sap.cloud.security.xsuaa:spring-xsuaa | maven | >= 3.0.0, < 3.3.0 | 3.3.0 |
| com.sap.cloud.security:spring-security | maven | < 2.17.0 | 2.17.0 |
| com.sap.cloud.security:spring-security | maven | >= 3.0.0, < 3.3.0 | 3.3.0 |
Ongoing coverage of React2Shell