130 matches found
Apache ShenYu 安全漏洞
A denial-of-service vulnerability exists in Apache ShenYu, an asynchronous, high-performance, cross-language, responsive API gateway from the Apache Foundation, which stems from a failure to properly handle incoming error messages and can be exploited by attackers to pass in malicious regular...
PT-2022-17983 · Apache · Apache Shenyu
Name of the Vulnerable Software and Affected Versions: Apache ShenYu incubating versions 2.4.0 through 2.4.2 Description: The issue arises from the use of Pattern.matches in RegexPredicateJudge.java, where both parameters are controllable by the user. This allows an attacker to pass in malicious...
The vulnerability of the Apache ShenYu software lies in the lack of authorization for critical functions, which allows attackers to circumvent established security restrictions.
The vulnerability of the Apache ShenYu software lies in the lack of authorization for critical functions. Exploiting this vulnerability allows a malicious actor to bypass established security restrictions and gain access to the /plugin API without being authorized...
The vulnerability of the Apache ShenYu software lies in the insufficient protection of registration data, allowing attackers to obtain user registration data.
The vulnerability of the Apache ShenYu software is related to insufficient protection of registration data. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain user registration data through a specially crafted HTTP request...
The vulnerability of the Apache ShenYu software lies in the lack of authorization for critical functions, allowing attackers to circumvent established security restrictions.
The vulnerability of the Apache ShenYu software lies in the lack of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to circumvent established security restrictions remotely...
The vulnerability of the Apache ShenYu software lies in its incorrect code generation management, allowing attackers to execute arbitrary code.
The vulnerability of the Apache ShenYu software is related to improper code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using Groovy Code injection or SpEL injection...
Missing authentication in ShenYu
Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
com.gitee.pulanos.pangu:pangu-gateway-spring-boot-starter (>=5.0.7 <=5.1.0), org.apache.shenyu:shenyu-admin (>=2.4.0 <=2.4.1) +108 more potentially affected by CVE-2022-23945 via org.apache.shenyu:shenyu-common (>=2.4.0 <=2.4.1)
org.apache.shenyu:shenyu-common MAVEN version =2.4.0, =5.0.7, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.1 and more Source cves: CVE-2022-23945 Source advisory: OSV:GHSA-7RJP-FGWJ-47RW...
GHSA-7RJP-FGWJ-47RW Missing authentication in ShenYu
Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
Password exposure in ShenYu
On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later...
com.gitee.pulanos.pangu:pangu-gateway-spring-boot-starter (>=5.0.7 <=5.1.0), org.apache.shenyu:shenyu-admin (>=2.4.0 <=2.4.1) +108 more potentially affected by CVE-2022-23223 via org.apache.shenyu:shenyu-common (>=2.4.0 <=2.4.1)
org.apache.shenyu:shenyu-common MAVEN version =2.4.0, =5.0.7, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.1 and more Source cves: CVE-2022-23223 Source advisory: OSV:GHSA-7WQ4-89XX-G62J...
GHSA-7WQ4-89XX-G62J Password exposure in ShenYu
On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later...
com.gitee.pulanos.pangu:pangu-gateway-spring-boot-starter (>=5.0.7 <=5.1.0), org.apache.shenyu:shenyu-admin (>=2.4.0 <=2.4.1) +108 more potentially affected by CVE-2022-23944 via org.apache.shenyu:shenyu-common (>=2.4.0 <=2.4.1)
org.apache.shenyu:shenyu-common MAVEN version =2.4.0, =5.0.7, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.1 and more Source cves: CVE-2022-23944 Source advisory: OSV:GHSA-6V39-P2XQ-G5C3...
Missing authentication in ShenYu
User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
GHSA-6V39-P2XQ-G5C3 Missing authentication in ShenYu
User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
Code injection in ShenYu
Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
com.gitee.pulanos.pangu:pangu-gateway-spring-boot-starter (>=5.0.7 <=5.1.0), org.apache.shenyu:shenyu-admin (>=2.4.0 <=2.4.1) +108 more potentially affected by CVE-2021-45029 via org.apache.shenyu:shenyu-common (>=2.4.0 <=2.4.1)
org.apache.shenyu:shenyu-common MAVEN version =2.4.0, =5.0.7, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.1 and more Source cves: CVE-2021-45029 Source advisory: OSV:GHSA-GH38-X2WM-XMC8...
GHSA-GH38-X2WM-XMC8 Code injection in ShenYu
Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
Apache ShenYu Code Injection Vulnerability
Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway of the United States Apache Apache Foundation . Apache ShenYu has a code injection vulnerability in versions 2.4.0 and 2.4.1 that stems from an improperly designed or implemented code development process...
Apache ShenYu Information Disclosure Vulnerability
Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway of the United States Apache Apache Foundation . An information disclosure vulnerability exists in Apache ShenYu versions 2.4.0 and 2.4.1, which arises from a configuration or other error in the operation...