9 matches found
CVE-2022-23223
Apache ShenYu versions 2.4.0 and 2.4.1 contain an information disclosure flaw: an endpoint returned user passwords in its HTTP responses. CVE records and vendor advisories agree on the root cause, namely that the affected endpoint included the password value in the response body it served to clients. Mitigation is to up...
CVE-2022-23945
CVE-2022-23945 describes a missing authentication flaw in the ShenYu Admin interface when a client registers over HTTP, affecting Apache ShenYu versions 2.4.0 and 2.4.1. The available sources consistently describe the issue as an authentication gap without providing additional technical specifics within t...
CVE-2021-45029
CVE-2021-45029 describes a vulnerability in Apache ShenYu affecting versions 2.4.0 and 2.4.1, caused by Groovy code injection and SpEL injection that can lead to remote code execution. The available sources confirm the vulnerability type and affected versions, with ...
CVE-2021-37580
Apache ShenYu Admin (ShenyuAdminBootstrap) contains an authentication bypass flaw caused by incorrect use of JWT, affecting ShenYu 2.3.0 and 2.4.0. The flaw allows an attacker to bypass authentication and gain admin access, and is rated CRITICAL under CVSS 3.1 (base score 9....
CVE-2022-23944
CVE-2022-23944 affects Apache ShenYu 2.4.0 and 2.4.1 with a missing-authentication flaw: the /plugin API can be reached without credentials. Impact described across sources includes unauthorized access to sensitive information and potential compromise of the admin panel. The issue originat...
CVE-2022-26650
CVE-2022-26650 (Apache ShenYu) concerns a denial of service caused by user-controllable inputs in ShenYu-Bootstrap's RegexPredicateJudge.java, where Pattern.matches(conditionData.getParamValue(), realData) receives both the regular expression and the subject string from request data. A crafted regular expression with catastrophic backtracking, paired with characters chosen to defeat the match, ties up the evaluating thread (ReDoS). Affected versions are Apach...
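To make the failure mode concrete, here is an added example (not ShenYu's code) of a regex judge in the shape the advisory describes, where pattern and subject both arrive from the request, next to a hardened variant. The TimedCharSequence wrapper and the 256-character pattern cap are this example's own choices, not anything from the project; the inputs in main are constructed.

```java
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

// Added example, not ShenYu code: a regex "judge" in the shape the advisory
// describes (pattern and subject both from request data), beside a variant
// that bounds how long the matcher may run.
public class RegexJudgeExample {

    // Vulnerable shape: the pattern text is attacker-controlled, so a
    // catastrophically backtracking regex plus a subject that almost matches
    // pins the request thread for exponential time.
    static boolean judgeUnsafe(String paramValue, String realData) {
        return Pattern.matches(paramValue, realData);
    }

    static final class RegexTimeoutException extends RuntimeException {
        RegexTimeoutException() { super("regex evaluation exceeded time budget"); }
    }

    // Subject wrapper that aborts the match once a deadline passes. The regex
    // engine reads the subject through charAt(), so throwing there unwinds the
    // backtracking loop. This is a common hardening idiom, not a ShenYu API.
    static final class TimedCharSequence implements CharSequence {
        private final CharSequence inner;
        private final long deadlineNanos;

        TimedCharSequence(CharSequence inner, long budgetMillis) {
            this(inner, System.nanoTime() + budgetMillis * 1_000_000L);
        }
        private TimedCharSequence(CharSequence inner, long deadlineNanos) {
            this.inner = inner;
            this.deadlineNanos = deadlineNanos;
        }
        @Override public int length() { return inner.length(); }
        @Override public char charAt(int index) {
            if (System.nanoTime() > deadlineNanos) throw new RegexTimeoutException();
            return inner.charAt(index);
        }
        @Override public CharSequence subSequence(int start, int end) {
            return new TimedCharSequence(inner.subSequence(start, end), deadlineNanos);
        }
        @Override public String toString() { return inner.toString(); }
    }

    // Hardened shape: reject oversized or malformed patterns up front and run
    // the match against a deadline. A timeout counts as "no match" and is
    // logged so the offending rule can be found and removed.
    static boolean judgeSafe(String paramValue, String realData, long budgetMillis) {
        if (paramValue.length() > 256) return false; // assumption: legitimate rules are short
        Pattern p;
        try {
            p = Pattern.compile(paramValue);
        } catch (PatternSyntaxException e) {
            return false;
        }
        try {
            return p.matcher(new TimedCharSequence(realData, budgetMillis)).matches();
        } catch (RegexTimeoutException e) {
            System.err.println("regex judge timed out, rejecting rule: " + paramValue);
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: a classic catastrophic pattern and a subject whose
        // trailing '!' forces the engine to backtrack through every split of the a's.
        String evilPattern = "^(a+)+$";
        String subject = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!";

        long t0 = System.nanoTime();
        boolean r = judgeSafe(evilPattern, subject, 200);
        long ms = (System.nanoTime() - t0) / 1_000_000L;
        System.out.println("safe judge: match=" + r + ", took about " + ms + " ms");

        // A benign routing rule still evaluates normally.
        System.out.println("benign rule: " + judgeSafe("^/api/.*", "/api/users", 200));
        // judgeUnsafe(evilPattern, subject) would run for a very long time; not called here.
    }
}
```

The deadline wrapper only protects the evaluation phase; a gateway that lets rule authors supply arbitrary regexes should also review or allowlist patterns at rule-creation time and compile each rule once rather than per request.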
CVE-2022-42735
CVE-2022-42735 is an Improper Privilege Management vulnerability in Apache ShenYu Admin where a low-privilege administrator can create users with higher privileges than their own. The issue affects Apache ShenYu 2.5.0. The documented remediation is to upgrade to ShenYu 2.5.1 or apply the patch f...
CVE-2022-37435
CVE-2022-37435 concerns insecure permissions in Apache ShenYu Admin that may let a low-privilege administrator modify a high-privilege administrator's password, enabling privilege escalation. Affected versions: ShenYu Admin 2.4.2 and 2.4.3. Root cause, per multiple sources, is improper/unsafe permis...
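CVE-2022-42735 and CVE-2022-37435 are two instances of the same missing server-side check: an action on another account is authorized without comparing the actor's privilege level to the target's. The following added example (not ShenYu's code) shows that check for both operations. The role ladder, the Forbidden exception and the scenarios in main are assumptions made for illustration.

```java
import java.util.Map;

// Added example, not ShenYu code: the authorization check that the two
// privilege-management advisories describe as missing, applied both when an
// administrator creates a user and when one changes another user's password.
public class AdminPrivilegeCheck {

    // Assumption: roles form a single ladder, higher number = more privilege.
    static final Map<String, Integer> ROLE_RANK = Map.of(
            "viewer", 1, "operator", 2, "admin", 3, "super_admin", 4);

    static int rank(String role) {
        Integer r = ROLE_RANK.get(role);
        if (r == null) throw new IllegalArgumentException("unknown role: " + role);
        return r;
    }

    static final class Forbidden extends Exception {
        Forbidden(String msg) { super(msg); }
    }

    // Creating a user: the new account may not outrank the actor. Without this,
    // a low-privilege admin mints a super_admin and logs in as it.
    static void requireMayCreate(String actorRole, String newUserRole) throws Forbidden {
        if (rank(newUserRole) > rank(actorRole)) {
            throw new Forbidden(actorRole + " may not create a " + newUserRole + " account");
        }
    }

    // Changing another account's password: the target must rank strictly below
    // the actor. Self-service change is allowed; equal rank is refused so one
    // admin cannot take over a peer's account.
    static void requireMayChangePassword(String actorId, String actorRole,
                                         String targetId, String targetRole) throws Forbidden {
        if (actorId.equals(targetId)) return;
        if (rank(targetRole) >= rank(actorRole)) {
            throw new Forbidden(actorRole + " " + actorId + " may not reset password of "
                    + targetRole + " " + targetId);
        }
    }

    public static void main(String[] args) {
        // Constructed scenarios mirroring the two advisories.
        String[][] createCases = { {"admin", "super_admin"}, {"admin", "operator"} };
        for (String[] c : createCases) {
            try {
                requireMayCreate(c[0], c[1]);
                System.out.println("ALLOW create " + c[1] + " by " + c[0]);
            } catch (Forbidden f) {
                System.out.println("DENY  " + f.getMessage());
            }
        }
        String[][] pwCases = {
            {"u2", "admin", "u1", "super_admin"},   // escalation attempt: denied
            {"u2", "admin", "u3", "admin"},         // peer takeover: denied
            {"u2", "admin", "u4", "viewer"},        // managing a lower role: allowed
            {"u2", "admin", "u2", "admin"},         // own account: allowed
        };
        for (String[] c : pwCases) {
            try {
                requireMayChangePassword(c[0], c[1], c[2], c[3]);
                System.out.println("ALLOW password change of " + c[2] + " by " + c[0]);
            } catch (Forbidden f) {
                System.out.println("DENY  " + f.getMessage());
            }
        }
    }
}
```

The actor's role must come from the authenticated session or token on the server, never from a role field in the request body, and the target's current role must be loaded from the database at the moment of the check; otherwise the comparison can be satisfied with attacker-supplied values.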
CVE-2023-25753
CVE-2023-25753 affects Apache ShenYu 2.5.1. The vulnerability is a Server-Side Request Forgery (SSRF) at the /sandbox/proxyGateway endpoint: an attacker can supply an arbitrary URL in the requestUrl parameter and thereby manipulate the outbound HTTP request the gateway issues on their behalf. The issue enables control over the HTT...
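A proxy endpoint that forwards to a caller-supplied requestUrl needs to validate the target before connecting. The following added example (not ShenYu's fix for this CVE) shows the checks a practitioner would expect: scheme restriction, an operator-configured host allowlist, rejection of embedded credentials, and a resolution step that refuses loopback, private and link-local addresses. The allowlist contents and the sample URLs in main are constructed for illustration.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.Set;

// Added example, not ShenYu's fix: validation a proxy endpoint can apply to a
// caller-supplied target URL before issuing the upstream request.
public class ProxyTargetValidator {

    // Assumption: the operator configures which upstream hosts the sandbox may reach.
    private final Set<String> allowedHosts;

    ProxyTargetValidator(Set<String> allowedHosts) { this.allowedHosts = allowedHosts; }

    static final class RejectedTarget extends Exception {
        RejectedTarget(String reason) { super(reason); }
    }

    // Returns the validated URI, or throws with the reason it was rejected.
    URI validate(String requestUrl) throws RejectedTarget {
        URI uri;
        try {
            uri = new URI(requestUrl);
        } catch (URISyntaxException e) {
            throw new RejectedTarget("malformed URL");
        }
        String scheme = uri.getScheme();
        if (scheme == null
                || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))) {
            throw new RejectedTarget("scheme not allowed: " + scheme); // blocks file:, gopher:, etc.
        }
        String host = uri.getHost();
        if (host == null || uri.getUserInfo() != null) {
            throw new RejectedTarget("missing host or embedded credentials");
        }
        if (!allowedHosts.contains(host.toLowerCase())) {
            throw new RejectedTarget("host not in allowlist: " + host);
        }
        // Resolve and refuse anything that lands on a non-public address, so an
        // allowlisted name that points at loopback or a metadata service is still rejected.
        InetAddress[] addrs;
        try {
            addrs = InetAddress.getAllByName(host);
        } catch (UnknownHostException e) {
            throw new RejectedTarget("unresolvable host: " + host);
        }
        for (InetAddress a : addrs) {
            if (a.isLoopbackAddress() || a.isSiteLocalAddress() || a.isLinkLocalAddress()
                    || a.isAnyLocalAddress() || a.isMulticastAddress()) {
                throw new RejectedTarget("resolves to non-public address: " + a.getHostAddress());
            }
        }
        return uri;
    }

    public static void main(String[] args) {
        // Constructed allowlist; 127.0.0.1 is included on purpose to show that
        // the resolution check still fires even for an allowlisted entry.
        ProxyTargetValidator v = new ProxyTargetValidator(Set.of("backend.example", "127.0.0.1"));
        String[] samples = {
            "http://backend.example/orders",
            "http://127.0.0.1:9095/actuator",
            "file:///etc/passwd",
            "http://169.254.169.254/latest/meta-data/",
            "http://user@backend.example/"
        };
        for (String s : samples) {
            try {
                System.out.println("ALLOW " + v.validate(s));
            } catch (RejectedTarget e) {
                System.out.println("DENY  " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Two caveats a reviewer would raise: the first sample only passes if backend.example actually resolves to a public address on the machine running it, and resolving once and then letting the HTTP client resolve again is a DNS-rebinding window, so a production proxy should connect to the address it validated (or validate inside the client's address-selection hook) and apply the same checks to every redirect hop. isSiteLocalAddress() covers the RFC 1918 ranges but not, for example, 100.64.0.0/10 or IPv6 unique-local space; extend the address check for your environment.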