Lucene search
Veracode Vulnerability DatabaseVERACODE:33892HistoryJan 26, 2022 - 3:50 a.m.
Information Disclosure
2022-01-2603:50:09
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.002 Low
EPSS
Percentile
54.6%
shenyu-plugin-cryptor is vulnerable to information disclosure. The vulnerability exists due to the insufficiently protected credentials in the library, allowing an attacker to gain users sensitive information through the HTTP response.
| CPE | Name | Operator | Version |
|---|---|---|---|
| shenyu-plugin-cryptor | eq | 2.4.1 | |
| shenyu-plugin-cryptor | eq | 2.4.1 |
References
www.openwall.com/lists/oss-security/2022/01/25/7
www.openwall.com/lists/oss-security/2022/01/26/4
github.com/apache/incubator-shenyu/commit/29cb757d23306e2f7dda6f71f45ac2e76545e709
github.com/apache/incubator-shenyu/pull/2302
lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s
www.openwall.com/lists/oss-security/2022/01/25/7
Related
nvd
nvd
CVE-2022-23223
2022-01-25 13:15:08
cve
cve
CVE-2022-23223
2022-01-25 13:15:08
prion
prion
Code injection
2022-01-25 13:15:00
osv
osv
CVE-2022-23223
2022-01-25 13:15:08
Password exposure in ShenYu
2022-01-28 22:13:57
cnvd
cnvd
Apache ShenYu Information Disclosure Vulnerability
2022-01-27 00:00:00
github
github
Password exposure in ShenYu
2022-01-28 22:13:57
cvelist
cvelist
CVE-2022-23223 Apache ShenYu Password leakage
2022-01-25 13:00:22