A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0.
CVSS: 9.8
AI Score: 9.1
EPSS: 0.876
Groovy code injection and SpEL injection, which lead to remote code execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
CVSS: 9.8
AI Score: 9.7
EPSS: 0.013
A user can access the /plugin API without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
CVSS: 9.1
AI Score: 9.1
EPSS: 0.387