VYPR

Maven package

cn.hippo4j/hippo4j-core

pkg:maven/cn.hippo4j/hippo4j-core

Vulnerabilities (2)

  • CVE-2025-51606HigAug 21, 2025
    affected >= 1.0.0, <= 1.5.0

    hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT (JSON Web Token) creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as "admin". The vulnerability p

  • CVE-2023-27095Mar 16, 2023
    affected <= 1.4.3

    Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module.