Lucene search
K

130 matches found

OSV
OSV
added 2023/02/15 9:38 a.m.18 views

CVE-2022-42735 Apache ShenYu Admin ultra vires

Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch...

8.8CVSS7.2AI score0.0119EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/15 12:0 a.m.3 views

Apache ShenYu 安全漏洞

Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway of the United States Apache Apache Foundation . An authorization issue vulnerability exists in Apache ShenYu versions prior to 2.5.1, which stems from improper privilege management and can be exploited b...

8.8CVSS6.8AI score0.0119EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2022/09/02 12:1 a.m.10 views

io.github.shuigedeng:taotao-cloud-starter-agent (>=2022.09 <=2022.10), io.github.shuigedeng:taotao-cloud-starter-apt (>=2022.09 <=2022.10) +234 more potentially affected by CVE-2022-37435 via org.apache.shenyu:shenyu-common (>=2.4.2 <=2.4.3)

org.apache.shenyu:shenyu-common MAVEN version =2.4.2, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.10 and more Source cves: CVE-2022-37435 Source advisory: OSV:GHSA-FJJW-82XW-VFC2https:...

8.8CVSS7.2AI score0.01151EPSS
Exploits0
OSV
OSV
added 2022/09/02 12:1 a.m.29 views

GHSA-FJJW-82XW-VFC2 Apache ShenYu Admin has insecure permissions

Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3. Version 2.5.0 contains a patch for this issue...

8.8CVSS8.6AI score0.01151EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/09/02 12:1 a.m.31 views

Apache ShenYu Admin has insecure permissions

Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3. Version 2.5.0 contains a patch for this issue...

8.8CVSS8.3AI score0.01151EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/09/01 2:15 p.m.2 views

CVE-2022-37435

Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3...

8.8CVSS7.3AI score0.01151EPSS
Exploits0References2
NVD
NVD
added 2022/09/01 2:15 p.m.30 views

CVE-2022-37435

Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3...

8.8CVSS0.01151EPSS
Exploits0References1
Prion
Prion
added 2022/09/01 2:15 p.m.20 views

Design/Logic Flaw

Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3...

6.5CVSS8.6AI score0.01151EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/09/01 2:0 p.m.82 views

CVE-2022-37435

CVE-2022-37435 concerns Apache ShenYu Admin insecure permissions that may let a low-privilege administrator modify a high-privilege administrator’s password, enabling privilege escalation. Affected versions: ShenYu Admin 2.4.2 and 2.4.3. Root cause, per multiple sources, is improper/unsafe permis...

8.8CVSS8.6AI score0.01151EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/09/01 2:0 p.m.35 views

CVE-2022-37435 Apache ShenYu Admin Improper Privilege Management

Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3...

8.8AI score0.01151EPSS
Exploits0References1
OSV
OSV
added 2022/09/01 2:0 p.m.15 views

CVE-2022-37435 Apache ShenYu Admin Improper Privilege Management

Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3...

8.8CVSS7.2AI score0.01151EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/01 12:0 a.m.5 views

Apache ShenYu 安全漏洞

Apache ShenYu is an asynchronous, high-performance, cross-language, responsive API gateway from the Apache Foundation. A security vulnerability exists in Apache ShenYu Admin versions 2.4.2 and 2.4.3, which stems from an insecure privilege that could allow a low-privileged administrator to change...

8.8CVSS7.9AI score0.01151EPSS
Exploits0References2
CNVD
CNVD
added 2022/05/19 12:0 a.m.12 views

Apache ShenYu Denial of Service Vulnerability

A denial-of-service vulnerability exists in Apache ShenYu, an asynchronous, high-performance, cross-language, responsive API gateway from the Apache Foundation, which stems from a failure to properly handle incoming error messages and can be exploited by attackers to pass in malicious regular...

7.5CVSS4.3AI score0.02487EPSS
Exploits0References1
Veracode
Veracode
added 2022/05/18 3:45 a.m.22 views

Regular Expression Denial Of Service (ReDoS)

org.apache.shenyu:shenyu-plugin-base is vulnerable to regular expression denial of service ReDoS attacks. Both conditionData and realData parameters in judge function in RegexPredicateJudge.java are user controlled entities. A remote attacker is able to cause resource exhaustion by passing...

7.5CVSS7.2AI score0.02487EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/18 12:0 a.m.9 views

GHSA-CW56-J3FM-7W57 Regular expression denial of service in Apache ShenYu

In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matchesconditionData.getParamValue, realData to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource...

7.5CVSS5.9AI score0.02487EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/18 12:0 a.m.33 views

Regular expression denial of service in Apache ShenYu

In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matchesconditionData.getParamValue, realData to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource...

7.5CVSS7AI score0.02487EPSS
Exploits0References4Affected Software2
ATTACKERKB
ATTACKERKB
added 2022/05/17 8:15 a.m.4 views

CVE-2022-26650

In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matchesconditionData.getParamValue, realData to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource...

7.5CVSS7.1AI score0.02487EPSS
Exploits0References3
OSV
OSV
added 2022/05/17 8:5 a.m.22 views

CVE-2022-26650 Apache ShenYu (incubating) Regular expression denial of service

In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matchesconditionData.getParamValue, realData to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource...

7.5CVSS7.1AI score0.02487EPSS
Exploits0References4
CVE
CVE
added 2022/05/17 8:5 a.m.99 views

CVE-2022-26650

CVE-2022-26650 (Apache ShenYu) concerns a denial of service caused by user-controllable inputs in ShenYu-Bootstrap’s RegexPredicateJudge.java, where Pattern.matches(conditionData.getParamValue(), realData) can be triggered by crafted regular expressions and characters. Affected versions are Apach...

7.5CVSS7.3AI score0.02487EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/05/17 8:5 a.m.29 views

CVE-2022-26650 Apache ShenYu (incubating) Regular expression denial of service

In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matchesconditionData.getParamValue, realData to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource...

7.5AI score0.02487EPSS
Exploits0References2
Rows per page
Query Builder