Lucene search
K

130 matches found

CNVD
CNVD
added 2022/01/27 12:0 a.m.18 views

Apache ShenYu Access Control Error Vulnerability (CNVD-2022-18269)

Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway of the Apache Apache Foundation. Apache ShenYu has an Access Control Error vulnerability in versions 2.4.0 and 2.4.1 that stems from a lack of authentication of ShenYu Admin when registering over HTTP. A...

7.5CVSS7.5AI score0.03771EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/27 12:0 a.m.48 views

Apache ShenYu Code Injection Vulnerability

Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway of the United States Apache Apache Foundation . Apache ShenYu has a code injection vulnerability in versions 2.4.0 and 2.4.1 that stems from an improperly designed or implemented code development process...

9.8CVSS9.9AI score0.06029EPSS
Exploits0References1
Veracode
Veracode
added 2022/01/26 8:17 a.m.15 views

Insecure Access Control

shenyu has insecure access control. The vulnerability exists due to a lack of validation of the user access via the /plugin api allowing an attacker to access the system without authentication...

9.1CVSS4.9AI score0.79007EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2022/01/26 4:44 a.m.21 views

Remote Code Execution (RCE)

shenyu is vulnerable to remote code execution. The vulnerability exists due to lack of sanitization of database query language input to the system, allowing an attacker to inject maliciously crafted script via the query...

9.8CVSS4.7AI score0.06029EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2022/01/26 3:52 a.m.21 views

Missing Authentication

shenyu is vulnerable to missing authentication. The vulnerability exists due to a lack of validation in user authentication allows attackers to register for the gateway...

7.5CVSS5.4AI score0.03771EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2022/01/26 3:50 a.m.21 views

Information Disclosure

shenyu-plugin-cryptor is vulnerable to information disclosure. The vulnerability exists due to the insufficiently protected credentials in the library, allowing an attacker to gain users sensitive information through the HTTP response...

7.5CVSS2.7AI score0.04306EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/01/25 1:15 p.m.6 views

CVE-2022-23944

User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

9.1CVSS7.3AI score0.79007EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/01/25 1:15 p.m.21 views

CVE-2022-23223

On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later...

7.5CVSS7.1AI score0.04306EPSS
Exploits1References4
NVD
NVD
added 2022/01/25 1:15 p.m.32 views

CVE-2022-23945

Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

7.5CVSS0.03771EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/01/25 1:15 p.m.8 views

CVE-2022-23945

Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

7.5CVSS7.1AI score0.03771EPSS
Exploits0References4
NVD
NVD
added 2022/01/25 1:15 p.m.31 views

CVE-2022-23223

On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later...

7.5CVSS0.04306EPSS
Exploits1References3
NVD
NVD
added 2022/01/25 1:15 p.m.29 views

CVE-2022-23944

User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

9.1CVSS0.79007EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/01/25 1:15 p.m.2 views

CVE-2021-45029

Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

9.8CVSS7.4AI score0.06029EPSS
Exploits0References4
NVD
NVD
added 2022/01/25 1:15 p.m.15 views

CVE-2021-45029

Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

9.8CVSS0.06029EPSS
Exploits0References3
OSV
OSV
added 2022/01/25 1:15 p.m.15 views

CVE-2021-45029

Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

9.8CVSS7.9AI score
Exploits0References3
Prion
Prion
added 2022/01/25 1:15 p.m.11 views

Code injection

Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

7.5CVSS9.8AI score0.06029EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/01/25 1:15 p.m.22 views

Code injection

On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later...

5CVSS7.5AI score0.04306EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2022/01/25 1:15 p.m.16 views

Authentication flaw

User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

6.4CVSS9.2AI score0.79007EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2022/01/25 1:15 p.m.24 views

Authentication flaw

Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

5CVSS7.7AI score0.03771EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/01/25 1:0 p.m.24 views

CVE-2022-23945 Apache ShenYu missing authentication allows gateway registration

Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

7.9AI score0.03771EPSS
Exploits0References3
Rows per page
Query Builder