4 matches found
org.apache.shenyu:shenyu-admin-dist (>=2.4.0 <=2.4.3) potentially affected by CVE-2023-25753 via org.apache.shenyu:shenyu-admin (>=2.4.0 <=2.4.3)
org.apache.shenyu:shenyu-admin MAVEN version =2.4.0, =2.4.0, =2.4.3 Source cves: CVE-2023-25753 Source advisory: OSV:GHSA-7W8V-5FCQ-PVQW...
com.gitee.pulanos.pangu:pangu-gateway-spring-boot-starter (>=5.0.7 <=5.1.0), io.github.shuigedeng:taotao-cloud-starter-actuator (=2023.08) +330 more potentially affected by CVE-2023-25753 via org.apache.shenyu:shenyu-common (>=2.4.0 <=2.5.1)
org.apache.shenyu:shenyu-common MAVEN version =2.4.0, =5.0.7, =2022.09, =2023.2.01, =2022.11, =2022.11, =2022.11, =2022.09, =2023.02, =2022.11, =2022.11, =2023.04, =2022.11, =2022.11, =2022.09, =2022.10 and more Source cves: CVE-2023-25753 Source a...
CVE-2023-25753 Server-Side Request Forgery in Apache ShenYu
There exists an SSRF Server-Side Request Forgery vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter. Of particular concern is our ability...
CVE-2023-25753
CVE-2023-25753 affects Apache ShenYu 2.5.1. The vulnerability is a Server-Side Request Forgery (SSRF) at the /sandbox/proxyGateway endpoint, allowing an attacker to inject arbitrary URLs via the requestUrl parameter and manipulate the resulting HTTP request. The issue enables control over the HTT...