Lucene search
GoogleOSV:GHSA-7WQ4-89XX-G62JHistoryJan 28, 2022 - 10:13 p.m.
Password exposure in ShenYu
2022-01-2822:13:57
Google
osv.dev
6
0.002 Low
EPSS
Percentile
54.6%
On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later.
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.apache.shenyu:shenyu-common | eq | 2.4.1 | |
| org.apache.shenyu:shenyu-common | eq | 2.4.0 |
References
www.openwall.com/lists/oss-security/2022/01/25/7
www.openwall.com/lists/oss-security/2022/01/26/4
github.com/apache/incubator-shenyu
github.com/apache/incubator-shenyu/releases/tag/v2.4.2
github.com/apache/shenyu/commit/0e826ceae97a1258cb15c73a3072118c920e8654
github.com/apache/shenyu/pull/2357
lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s
nvd.nist.gov/vuln/detail/CVE-2022-23223
Related
nvd
nvd
CVE-2022-23223
2022-01-25 13:15:08
cnvd
cnvd
Apache ShenYu Information Disclosure Vulnerability
2022-01-27 00:00:00
github
github
Password exposure in ShenYu
2022-01-28 22:13:57
osv
osv
CVE-2022-23223
2022-01-25 13:15:08
cve
cve
CVE-2022-23223
2022-01-25 13:15:08
prion
prion
Code injection
2022-01-25 13:15:00
cvelist
cvelist
CVE-2022-23223 Apache ShenYu Password leakage
2022-01-25 13:00:22
veracode
veracode
Information Disclosure
2022-01-26 03:50:09