Shenyu Security Vulnerabilities and Issues — Shenyu CVE List

Lucene search

ApacheShenyu

3 matches found

CVE•added 2021/11/16 10:15 a.m.•82 views

CVE-2021-37580

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0

9.8CVSS9.3AI score0.93993EPSS

CVE•added 2022/01/25 1:15 p.m.•80 views

CVE-2022-23944

User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

9.1CVSS9.2AI score0.91538EPSS

CVE•added 2022/01/25 1:15 p.m.•78 views

CVE-2021-45029

Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

9.8CVSS9.8AI score0.05336EPSS