CVE-2023-44794: 
Java vulnerability analysis and mitigation

An issue in Dromara SaToken version 1.36.0 and before was discovered that allows remote attackers to escalate privileges through a crafted payload to the URL. The vulnerability affects systems using SaToken with SpringBoot version 2.3.1.RELEASE or later, or Spring version 5.3.0 or later (NVD, GitHub Issue).

The vulnerability stems from differential handling of URIs between SaToken and Spring frameworks. The authentication bypass occurs due to SaToken and Spring Boot/Spring using different pattern-matching techniques. The root cause lies in SaRequestForServlet.getRequestPath() function using HttpServletRequest.getServletPath() to obtain standardized servlet paths, while Spring's path handling differs in versions after 2.3.1.RELEASE. The vulnerability has been assigned a CVSS v3.1 Base Score of 9.8 (CRITICAL) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability allows remote attackers to bypass authentication mechanisms and escalate privileges, potentially gaining unauthorized access to protected resources. This could lead to complete system compromise due to the critical nature of the authentication bypass (NVD).

Users should upgrade to SaToken version 1.37.0 or later to address this vulnerability. Alternatively, a temporary workaround is available by setting the Spring Boot configuration value: spring.mvc.pathmatch.matching-strategy = antpathmatcher (GitHub Issue).