Maven package
cn.hippo4j/hippo4j-core
pkg:maven/cn.hippo4j/hippo4j-core
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-51606 | Hig | 8.8 | >= 1.0.0, <= 1.5.0 | — | Aug 21, 2025 | hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT (JSON Web Token) creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as "admin". The vulnerability p | |
| CVE-2023-27095 | — | <= 1.4.3 | — | Mar 16, 2023 | Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module. |
- affected >= 1.0.0, <= 1.5.0
hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT (JSON Web Token) creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as "admin". The vulnerability p
- CVE-2023-27095Mar 16, 2023affected <= 1.4.3
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module.