130 matches found
Apache ShenYu Access Control Error Vulnerability (CNVD-2022-18269)
Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway of the Apache Apache Foundation. Apache ShenYu has an Access Control Error vulnerability in versions 2.4.0 and 2.4.1 that stems from a lack of authentication of ShenYu Admin when registering over HTTP. A...
Apache ShenYu Code Injection Vulnerability
Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway of the United States Apache Apache Foundation . Apache ShenYu has a code injection vulnerability in versions 2.4.0 and 2.4.1 that stems from an improperly designed or implemented code development process...
Insecure Access Control
shenyu has insecure access control. The vulnerability exists due to a lack of validation of the user access via the /plugin api allowing an attacker to access the system without authentication...
Remote Code Execution (RCE)
shenyu is vulnerable to remote code execution. The vulnerability exists due to lack of sanitization of database query language input to the system, allowing an attacker to inject maliciously crafted script via the query...
Missing Authentication
shenyu is vulnerable to missing authentication. The vulnerability exists due to a lack of validation in user authentication allows attackers to register for the gateway...
Information Disclosure
shenyu-plugin-cryptor is vulnerable to information disclosure. The vulnerability exists due to the insufficiently protected credentials in the library, allowing an attacker to gain users sensitive information through the HTTP response...
CVE-2022-23944
User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
CVE-2022-23223
On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later...
CVE-2022-23945
Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
CVE-2022-23945
Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
CVE-2022-23223
On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later...
CVE-2022-23944
User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
CVE-2021-45029
Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
CVE-2021-45029
Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
CVE-2021-45029
Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
Code injection
Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
Code injection
On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later...
Authentication flaw
User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
Authentication flaw
Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
CVE-2022-23945 Apache ShenYu missing authentication allows gateway registration
Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...