ApacheShenyu

9 matches found

CVE
added 2022/01/25 1:0 p.m., 130 views

CVE-2022-23223

Apache ShenYu versions 2.4.0 and 2.4.1 contain an information disclosure flaw where an endpoint exposed user passwords in HTTP responses. The root cause is tied to how passwords were disclosed by the affected endpoints, as reported across CVE records and vendor advisories. Mitigation is to up...

CVSS 7.5, AI score 7.5, EPSS 0.04306
CVE
added 2022/01/25 1:0 p.m., 109 views

CVE-2022-23945

CVE-2022-23945 describes a missing authentication flaw in the ShenYu Admin interface when registering over HTTP, affecting Apache ShenYu versions 2.4.0 and 2.4.1. The connected sources consistently state the issue as an authentication gap without providing additional technical specifics within t...

CVSS 7.5, AI score 7.6, EPSS 0.03771
CVE
added 2022/01/25 1:0 p.m., 108 views

CVE-2021-45029

CVE-2021-45029 describes a vulnerability in Apache ShenYu affecting versions 2.4.0 and 2.4.1, caused by Groovy Code Injection and SpEL Injection that can lead to Remote Code Execution. Publicly available details in the provided documents confirm the vulnerability type and affected versions, with ...

CVSS 9.8, AI score 9.8, EPSS 0.06029
CVE
added 2021/11/16 9:35 a.m., 103 views

CVE-2021-37580

Apache ShenYu Admin (ShenyuAdminBootstrap) contains an authentication bypass flaw due to the incorrect use of JWT, affecting ShenYu 2.3.0 and 2.4.0. The vulnerability can allow an attacker to bypass authentication and gain admin access, with high-severity CVSS scores (3.1: CRITICAL, base score 9....

CVSS 9.8, AI score 9.3, EPSS 0.40058
In wild
CVE
added 2022/01/25 1:0 p.m., 103 views

CVE-2022-23944

CVE-2022-23944 affects Apache ShenYu 2.4.0 and 2.4.1, introducing an unauthenticated access flaw where the /plugin API can be reached without credentials. Impact described across sources includes unauthorized access to sensitive information and potential admin-panel compromise. The issue originat...

CVSS 9.1, AI score 9.2, EPSS 0.79007
CVE
added 2022/05/17 8:5 a.m., 98 views

CVE-2022-26650

CVE-2022-26650 (Apache ShenYu) concerns a denial of service caused by user-controllable inputs in ShenYu-Bootstrap’s RegexPredicateJudge.java, where Pattern.matches(conditionData.getParamValue(), realData) can be triggered by crafted regular expressions and characters. Affected versions are Apach...

CVSS 7.5, AI score 7.3, EPSS 0.02434
CVE
added 2023/02/15 9:38 a.m., 83 views

CVE-2022-42735

CVE-2022-42735 is an Improper Privilege Management vulnerability in Apache ShenYu where a low-privilege admin (ShenYu Admin) can create users with higher privileges than their own. The issue affects Apache ShenYu 2.5.0. The documented remediation is to upgrade to ShenYu 2.5.1 or apply the patch f...

CVSS 8.8, AI score 8.7, EPSS 0.0119
CVE
added 2022/09/01 2:0 p.m., 82 views

CVE-2022-37435

CVE-2022-37435 concerns Apache ShenYu Admin insecure permissions that may let a low-privilege administrator modify a high-privilege administrator’s password, enabling privilege escalation. Affected versions: ShenYu Admin 2.4.2 and 2.4.3. Root cause, per multiple sources, is improper/unsafe permis...

CVSS 8.8, AI score 8.6, EPSS 0.01109
CVE
added 2023/10/19 8:35 a.m., 72 views

CVE-2023-25753

CVE-2023-25753 affects Apache ShenYu 2.5.1. The vulnerability is a Server-Side Request Forgery (SSRF) at the /sandbox/proxyGateway endpoint, allowing an attacker to inject arbitrary URLs via the requestUrl parameter and manipulate the resulting HTTP request. The issue enables control over the HTT...

CVSS 6.5, AI score 6.4, EPSS 0.00838