CVE-2024-57432

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Jan 31, 2025

Updated: Feb 3, 2025

CWE ID 863

Summary

CVE-2024-57432 is a vulnerability affecting the macrozheng mall-tiny 1.0.1 application. The issue lies in the insecure handling of JWT (JSON Web Token) signing keys, which are hardcoded and do not change. This leads to a significant risk, as user information is explicitly written into the JWT and used for privilege management. An attacker can exploit this vulnerability by forging a JWT of any user, enabling them to bypass authentication.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2T54cW
https://www.cve.org/CVERecord?id=CVE-2024-57432
https://nvd.nist.gov/vuln/detail/CVE-2024-57432

Back to Vulnerability Database

CVE-2024-57432

CVSS 3.1 Score 9.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations