Maven package

org.apache.shenyu/shenyu-admin

pkg:maven/org.apache.shenyu/shenyu-admin

Vulnerabilities (3)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-25753	—	< 2.6.0	2.6.0	Oct 19, 2023	There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter. Of particular c
CVE-2022-42735	—	< 2.5.1	2.5.1	Feb 15, 2023	Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or a
CVE-2021-37580	—	>= 2.3.0, < 2.4.1	2.4.1	Nov 16, 2021	A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0

CVE-2023-25753Oct 19, 2023
affected < 2.6.0fixed 2.6.0
There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter. Of particular c
CVE-2022-42735Feb 15, 2023
affected < 2.5.1fixed 2.5.1
Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or a
CVE-2021-37580Nov 16, 2021
affected >= 2.3.0, < 2.4.1fixed 2.4.1
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0