Shenyu Security Vulnerabilities and Issues — Shenyu CVE List

Lucene search

ApacheShenyu

4 matches found

CVE•added 2022/01/25 1:15 p.m.•112 views

CVE-2022-23223

On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later.

7.5CVSS7.5AI score0.03544EPSS

CVE•added 2022/01/25 1:15 p.m.•94 views

CVE-2022-23945

Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

7.5CVSS7.6AI score0.01133EPSS

CVE•added 2022/01/25 1:15 p.m.•80 views

CVE-2022-23944

User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

9.1CVSS9.2AI score0.90556EPSS

CVE•added 2022/01/25 1:15 p.m.•78 views

CVE-2021-45029

Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

9.8CVSS9.8AI score0.05336EPSS