130 matches found
CVE-2022-23945 Apache ShenYu missing authentication allows gateway registration
Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
CVE-2022-23945 Apache ShenYu missing authentication allows gateway registration
Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
CVE-2022-23944 Apache ShenYu 2.4.1 Improper access control
User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
CVE-2022-23944 Apache ShenYu 2.4.1 Improper access control
User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
CVE-2022-23944
CVE-2022-23944 affects Apache ShenYu 2.4.0 and 2.4.1, introducing an unauthenticated access flaw where the /plugin API can be reached without credentials. Impact described across sources includes unauthorized access to sensitive information and potential admin-panel compromise. The issue originat...
CVE-2022-23223 Apache ShenYu Password leakage
On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later...
CVE-2022-23223
On Apache ShenYu, versions 2.4.0 and 2.4.1 contain an information disclosure flaw where an endpoint exposed user passwords in HTTP responses. The root cause is tied to how passwords were disclosed by the affected endpoints, as reported across CVE records and vendor advisories. Mitigation is to up...
CVE-2022-23223 Apache ShenYu Password leakage
On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later...
CVE-2021-45029 Apache ShenYu 2.4.1 Groovy Code Injection & SpEL Injection
Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
CVE-2021-45029
CVE-2021-45029 describes a vulnerability in Apache ShenYu affecting versions 2.4.0 and 2.4.1, caused by Groovy Code Injection and SpEL Injection that can lead to Remote Code Execution. Publicly available details in the provided documents confirm the vulnerability type and affected versions, with ...
Apache ShenYu 访问控制错误漏洞
Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway . An access control error vulnerability exists in Apache ShenYu version 2.4.0 and 2.4.1. An attacker can exploit this vulnerability to access the /plugin api without authentication, compromising system...
PT-2022-1763 · Apache · Apache Shenyu
Name of the Vulnerable Software and Affected Versions: Apache ShenYu versions 2.4.0 through 2.4.1 Description: The issue is related to insufficient protection of registration data, allowing a remote attacker to obtain user registration data using a specially crafted HTTP request. This can lead to...
Apache ShenYu 代码注入漏洞
Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway of the United States Apache Apache Foundation . Apache ShenYu has a code injection vulnerability in versions 2.4.0 and 2.4.1 that stems from an improperly designed or implemented code development process...
Apache ShenYu 访问控制错误漏洞
Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway of the Apache Apache Foundation. Apache ShenYu has an Access Control Error vulnerability in versions 2.4.0 and 2.4.1 that stems from a lack of authentication of ShenYu Admin when registering over HTTP. A...
Apache ShenYu 信息泄露漏洞
Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway of the United States Apache Apache Foundation . An information disclosure vulnerability exists in Apache ShenYu versions 2.4.0 and 2.4.1, which arises from a configuration or other error in the operation...
Apache ShenYu Admin Authentication Bypass (CVE-2021-37580)
A authentication bypass vulnerability exists in the Apache ShenYu Admin. The vulnerability is due to improper handling of the incoming HTTP requests...
Privilege Escalation
shenyu-admin is vulnerable to privilege escalation. The vulnerability exists due to an incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication...
Improper Authentication in Apache ShenYu Admin
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0...
GHSA-VPFP-5GWQ-G533 Improper Authentication in Apache ShenYu Admin
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0...
org.apache.shenyu:shenyu-admin-dist (=2.4.0) potentially affected by CVE-2021-37580 via org.apache.shenyu:shenyu-admin (=2.4.0)
org.apache.shenyu:shenyu-admin MAVEN version =2.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.shenyu:shenyu-admin and may be impacted: - org.apache.shenyu:shenyu-admin-dist =2.4.0 Source cves: CVE-2021-37580 Source advisory:...