Lucene search
+L

130 matches found

CNNVD
CNNVD
added 2022/05/17 12:0 a.m.6 views

Apache ShenYu 安全漏洞

A denial-of-service vulnerability exists in Apache ShenYu, an asynchronous, high-performance, cross-language, responsive API gateway from the Apache Foundation, which stems from a failure to properly handle incoming error messages and can be exploited by attackers to pass in malicious regular...

7.5CVSS7.2AI score0.02487EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/05/17 12:0 a.m.8 views

PT-2022-17983 · Apache · Apache Shenyu

Name of the Vulnerable Software and Affected Versions: Apache ShenYu incubating versions 2.4.0 through 2.4.2 Description: The issue arises from the use of Pattern.matches in RegexPredicateJudge.java, where both parameters are controllable by the user. This allows an attacker to pass in malicious...

7.5CVSS7.3AI score0.02487EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2022/03/04 12:0 a.m.6 views

The vulnerability of the Apache ShenYu software lies in the lack of authorization for critical functions, which allows attackers to circumvent established security restrictions.

The vulnerability of the Apache ShenYu software lies in the lack of authorization for critical functions. Exploiting this vulnerability allows a malicious actor to bypass established security restrictions and gain access to the /plugin API without being authorized...

9.4CVSS7.8AI score0.79007EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/03/04 12:0 a.m.7 views

The vulnerability of the Apache ShenYu software lies in the insufficient protection of registration data, allowing attackers to obtain user registration data.

The vulnerability of the Apache ShenYu software is related to insufficient protection of registration data. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain user registration data through a specially crafted HTTP request...

7.8CVSS7.2AI score0.04306EPSS
Exploits1References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/03/04 12:0 a.m.8 views

The vulnerability of the Apache ShenYu software lies in the lack of authorization for critical functions, allowing attackers to circumvent established security restrictions.

The vulnerability of the Apache ShenYu software lies in the lack of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to circumvent established security restrictions remotely...

7.8CVSS7.2AI score0.03771EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/02/16 12:0 a.m.9 views

The vulnerability of the Apache ShenYu software lies in its incorrect code generation management, allowing attackers to execute arbitrary code.

The vulnerability of the Apache ShenYu software is related to improper code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using Groovy Code injection or SpEL injection...

10CVSS8.2AI score0.06029EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/28 10:14 p.m.31 views

Missing authentication in ShenYu

Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

7.5CVSS1.7AI score0.03771EPSS
Exploits0References7Affected Software1
vulnersOsv
vulnersOsv
added 2022/01/28 10:14 p.m.4 views

com.gitee.pulanos.pangu:pangu-gateway-spring-boot-starter (>=5.0.7 <=5.1.0), org.apache.shenyu:shenyu-admin (>=2.4.0 <=2.4.1) +108 more potentially affected by CVE-2022-23945 via org.apache.shenyu:shenyu-common (>=2.4.0 <=2.4.1)

org.apache.shenyu:shenyu-common MAVEN version =2.4.0, =5.0.7, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.1 and more Source cves: CVE-2022-23945 Source advisory: OSV:GHSA-7RJP-FGWJ-47RW...

7.5CVSS7.1AI score0.03771EPSS
Exploits0
OSV
OSV
added 2022/01/28 10:14 p.m.6 views

GHSA-7RJP-FGWJ-47RW Missing authentication in ShenYu

Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

7.5CVSS5.9AI score0.03771EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/01/28 10:13 p.m.27 views

Password exposure in ShenYu

On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later...

7.5CVSS7.3AI score0.04306EPSS
Exploits1References8Affected Software1
vulnersOsv
vulnersOsv
added 2022/01/28 10:13 p.m.9 views

com.gitee.pulanos.pangu:pangu-gateway-spring-boot-starter (>=5.0.7 <=5.1.0), org.apache.shenyu:shenyu-admin (>=2.4.0 <=2.4.1) +108 more potentially affected by CVE-2022-23223 via org.apache.shenyu:shenyu-common (>=2.4.0 <=2.4.1)

org.apache.shenyu:shenyu-common MAVEN version =2.4.0, =5.0.7, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.1 and more Source cves: CVE-2022-23223 Source advisory: OSV:GHSA-7WQ4-89XX-G62J...

7.5CVSS7.1AI score0.04306EPSS
Exploits1
OSV
OSV
added 2022/01/28 10:13 p.m.2 views

GHSA-7WQ4-89XX-G62J Password exposure in ShenYu

On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later...

7.5CVSS5.8AI score0.04306EPSS
Exploits1References8
vulnersOsv
vulnersOsv
added 2022/01/28 10:13 p.m.5 views

com.gitee.pulanos.pangu:pangu-gateway-spring-boot-starter (>=5.0.7 <=5.1.0), org.apache.shenyu:shenyu-admin (>=2.4.0 <=2.4.1) +108 more potentially affected by CVE-2022-23944 via org.apache.shenyu:shenyu-common (>=2.4.0 <=2.4.1)

org.apache.shenyu:shenyu-common MAVEN version =2.4.0, =5.0.7, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.1 and more Source cves: CVE-2022-23944 Source advisory: OSV:GHSA-6V39-P2XQ-G5C3...

9.1CVSS7.2AI score0.79007EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/01/28 10:13 p.m.37 views

Missing authentication in ShenYu

User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

9.1CVSS3.3AI score0.79007EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2022/01/28 10:13 p.m.3 views

GHSA-6V39-P2XQ-G5C3 Missing authentication in ShenYu

User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

9.1CVSS5.8AI score0.79007EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/01/28 10:13 p.m.40 views

Code injection in ShenYu

Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

9.8CVSS3.2AI score0.06029EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2022/01/28 10:13 p.m.10 views

com.gitee.pulanos.pangu:pangu-gateway-spring-boot-starter (>=5.0.7 <=5.1.0), org.apache.shenyu:shenyu-admin (>=2.4.0 <=2.4.1) +108 more potentially affected by CVE-2021-45029 via org.apache.shenyu:shenyu-common (>=2.4.0 <=2.4.1)

org.apache.shenyu:shenyu-common MAVEN version =2.4.0, =5.0.7, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.1 and more Source cves: CVE-2021-45029 Source advisory: OSV:GHSA-GH38-X2WM-XMC8...

9.8CVSS7.2AI score0.06029EPSS
Exploits0
OSV
OSV
added 2022/01/28 10:13 p.m.33 views

GHSA-GH38-X2WM-XMC8 Code injection in ShenYu

Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

9.8CVSS7.3AI score0.06029EPSS
Exploits0References5
CNVD
CNVD
added 2022/01/27 12:0 a.m.49 views

Apache ShenYu Code Injection Vulnerability

Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway of the United States Apache Apache Foundation . Apache ShenYu has a code injection vulnerability in versions 2.4.0 and 2.4.1 that stems from an improperly designed or implemented code development process...

9.8CVSS9.9AI score0.06029EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/27 12:0 a.m.15 views

Apache ShenYu Information Disclosure Vulnerability

Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway of the United States Apache Apache Foundation . An information disclosure vulnerability exists in Apache ShenYu versions 2.4.0 and 2.4.1, which arises from a configuration or other error in the operation...

7.5CVSS7.1AI score0.04306EPSS
Exploits1References1
Rows per page
Query Builder