CVE-2023-43961: 
Java vulnerability analysis and mitigation

An authentication bypass vulnerability was discovered in Dromara SaToken version 1.3.50RC and earlier when using Spring dynamic controllers. The vulnerability, tracked as CVE-2023-43961, allows attackers to bypass authentication through specially crafted requests. The issue was fixed in version 1.36.0 (NVD, GitHub Issue).

The vulnerability stems from differential handling of URIs between SaToken and Spring. When configuring path restrictions (e.g., '/admin/password'), an attacker could bypass permission verification by appending a trailing slash (e.g., '/admin/password/'). This occurs because AntPathMatcher treats '/admin/password' and '/admin/password/' as different paths, while Spring handles them as the same resource. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability allows authenticated users to bypass authorization controls and access restricted resources. This could lead to unauthorized access to administrative functions and sensitive data, potentially compromising the security of the entire application (GitHub Issue).

Users should upgrade to SaToken version 1.36.0 or later, which contains the fix for this vulnerability (NVD).