130 matches found
CVE-2022-42735 Apache ShenYu Admin ultra vires
Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch...
Apache ShenYu 安全漏洞
Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway of the United States Apache Apache Foundation . An authorization issue vulnerability exists in Apache ShenYu versions prior to 2.5.1, which stems from improper privilege management and can be exploited b...
io.github.shuigedeng:taotao-cloud-starter-agent (>=2022.09 <=2022.10), io.github.shuigedeng:taotao-cloud-starter-apt (>=2022.09 <=2022.10) +234 more potentially affected by CVE-2022-37435 via org.apache.shenyu:shenyu-common (>=2.4.2 <=2.4.3)
org.apache.shenyu:shenyu-common MAVEN version =2.4.2, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.09, =2022.10 and more Source cves: CVE-2022-37435 Source advisory: OSV:GHSA-FJJW-82XW-VFC2https:...
GHSA-FJJW-82XW-VFC2 Apache ShenYu Admin has insecure permissions
Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3. Version 2.5.0 contains a patch for this issue...
Apache ShenYu Admin has insecure permissions
Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3. Version 2.5.0 contains a patch for this issue...
CVE-2022-37435
Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3...
CVE-2022-37435
Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3...
Design/Logic Flaw
Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3...
CVE-2022-37435
CVE-2022-37435 concerns Apache ShenYu Admin insecure permissions that may let a low-privilege administrator modify a high-privilege administrator’s password, enabling privilege escalation. Affected versions: ShenYu Admin 2.4.2 and 2.4.3. Root cause, per multiple sources, is improper/unsafe permis...
CVE-2022-37435 Apache ShenYu Admin Improper Privilege Management
Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3...
CVE-2022-37435 Apache ShenYu Admin Improper Privilege Management
Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3...
Apache ShenYu 安全漏洞
Apache ShenYu is an asynchronous, high-performance, cross-language, responsive API gateway from the Apache Foundation. A security vulnerability exists in Apache ShenYu Admin versions 2.4.2 and 2.4.3, which stems from an insecure privilege that could allow a low-privileged administrator to change...
Apache ShenYu Denial of Service Vulnerability
A denial-of-service vulnerability exists in Apache ShenYu, an asynchronous, high-performance, cross-language, responsive API gateway from the Apache Foundation, which stems from a failure to properly handle incoming error messages and can be exploited by attackers to pass in malicious regular...
Regular Expression Denial Of Service (ReDoS)
org.apache.shenyu:shenyu-plugin-base is vulnerable to regular expression denial of service ReDoS attacks. Both conditionData and realData parameters in judge function in RegexPredicateJudge.java are user controlled entities. A remote attacker is able to cause resource exhaustion by passing...
GHSA-CW56-J3FM-7W57 Regular expression denial of service in Apache ShenYu
In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matchesconditionData.getParamValue, realData to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource...
Regular expression denial of service in Apache ShenYu
In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matchesconditionData.getParamValue, realData to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource...
CVE-2022-26650
In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matchesconditionData.getParamValue, realData to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource...
CVE-2022-26650 Apache ShenYu (incubating) Regular expression denial of service
In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matchesconditionData.getParamValue, realData to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource...
CVE-2022-26650
CVE-2022-26650 (Apache ShenYu) concerns a denial of service caused by user-controllable inputs in ShenYu-Bootstrap’s RegexPredicateJudge.java, where Pattern.matches(conditionData.getParamValue(), realData) can be triggered by crafted regular expressions and characters. Affected versions are Apach...
CVE-2022-26650 Apache ShenYu (incubating) Regular expression denial of service
In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matchesconditionData.getParamValue, realData to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource...