CVE-2023-44794: SaToken privilege escalation vulnerability

October 25, 2023 (updated September 12, 2024)

An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL.

References

github.com/advisories/GHSA-54f6-9mx9-86f7
github.com/dromara/Sa-Token
github.com/dromara/Sa-Token/commit/954efeb73277f924f836da2a25322ea35ee1bfa3
github.com/dromara/Sa-Token/issues/515
nvd.nist.gov/vuln/detail/CVE-2023-44794

Code Behaviors & Features

Detect and mitigate CVE-2023-44794 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →