CVE-2024-10920

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-10920

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10920.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-10920

Published

2024-11-06T16:15:05Z

Modified

2025-10-21T17:23:46.450470Z

Severity

3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. Affected by this issue is the function doFilterInternal of the file travels-java-api-master\src\main\java\io\github\mariazevedo88\travelsjavaapi\filters\JwtAuthenticationTokenFilter.java of the component JWT Secret Handler. The manipulation leads to use of hard-coded cryptographic key . The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

References

Affected packages

Git / github.com/mariazevedo88/travels-java-api

Affected ranges

Type: GIT
Repo: https://github.com/mariazevedo88/travels-java-api
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

3a7fd4cc36938666f09ee5945a28345763105075

Affected versions

v.*

v.1.0.0

v.2.0.0

v.2.0.1

v.3.0.0

v.3.0.1

v.3.0.2

v.3.0.3

v.3.1.0

v.3.1.1

v.3.1.2

v.3.1.3

v.4.0.0

v.5.0.0

v.5.0.1