RSS   Vulnerabilities for 'YAPI'   RSS

2021-03-01
 
CVE-2021-27884

CWE-330
 

 
Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used.

 
2018-09-28
 
CVE-2018-17574

CWE-79
 

 
An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the name field of a project.

 


Copyright 2021, cxsecurity.com

 

Back to Top