CNNVD-202509-2933 Information

CNNVD ID

CNNVD-202509-2933

Related CVE

CVE-2025-10671

• CNNVD Published: 2025-09-18

Description (Chinese)

e-learning是youth-is-as-pale-as-poetry个人开发者的一个考试系统。 e-learning 1.0版本存在安全特征问题漏洞，该漏洞源于JWT Token Handler组件中JwtUtils.java文件的encryptSecret函数生成随机值不足，可能导致远程攻击。

Description (English)

e-Learning is an examination system for the personal developer Youth-is-as-pale-as-poetry. Version 1.0 of e-Learning has a security feature loophole, which stems from the lack of a random value generated by the encryptSecret function of the JwtUtils.java file in the JWT Token Handler component, which could lead to a remote attack.

Hazard Level

Critical

Vulnerability Type

安全特征问题

Affected Vendor

个人开发者

Published

2025-09-18

Last Modified

2026-02-24

References

https://github.com/SuJing-cy/CVE/blob/main/yfhl.md https://vuldb.com/?ctiid.324792 https://vuldb.com/?id.324792 https://vuldb.com/?submit.653029