Shenyu Security Vulnerabilities and Issues — Shenyu CVE List

Lucene search

ApacheShenyu

6 matches found

CVE•added 2022/01/25 1:15 p.m.•111 views

CVE-2022-23223

On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later.

7.5CVSS7.5AI score0.03544EPSS

CVE•added 2022/01/25 1:15 p.m.•94 views

CVE-2022-23945

Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

7.5CVSS7.6AI score0.01133EPSS

CVE•added 2022/05/17 8:15 a.m.•85 views

CVE-2022-26650

In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource exhau...

7.5CVSS7.3AI score0.01258EPSS

CVE•added 2022/01/25 1:15 p.m.•80 views

CVE-2022-23944

User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

9.1CVSS9.2AI score0.91538EPSS

CVE•added 2022/01/25 1:15 p.m.•78 views

CVE-2021-45029

Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

9.8CVSS9.8AI score0.05336EPSS

CVE•added 2022/09/01 2:15 p.m.•65 views

CVE-2022-37435

Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3.

8.8CVSS8.6AI score0.0013EPSS