
cpe:2.3:a:dromara:sa-token:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Dromara (b947c778-a342-54de-aeca-3412ce9a5af8)
Product: Sa Token (c522151f-f5e8-5d7c-8442-2e75b216b536)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL | Source | Last updated
pkg:github/dromara/sa-token | purl2cpe | 2026-06-01 10:16:59.803548

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2025-15222 | vulnerable | 2026-06-08 07:06:35.897372 | Dromara Sa-Token SaSerializerTemplateForJdkUseBase64.java ObjectInputStream.readObject deserialization
MEDIUM (5)
A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-12-30T05:32:05.705Z
Updated: 2025-12-30T14:56:32.958Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-15117 | vulnerable | 2026-06-08 07:06:35.731581 | Dromara Sa-Token SaJdkSerializer.java ObjectInputStream.readObject deserialization
LOW (3.1)
A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-12-28T02:32:05.652Z
Updated: 2025-12-29T16:39:15.402Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-44794 | vulnerable | 2026-06-08 06:12:41.491942 | Details available
An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL.
Published: 2023-10-25T00:00:00.000Z
Updated: 2024-09-12T14:31:44.414Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-43961 | vulnerable | 2026-06-08 06:12:38.193320 | Details available
An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
Published: 2023-10-25T00:00:00.000Z
Updated: 2024-09-11T19:34:53.071Z
Imported from gcve-enriched-dumps CVE data
