Maven package
org.apache.shenyu/shenyu-common
pkg:maven/org.apache.shenyu/shenyu-common
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-25753 | — | | | < 2.6.0 | 2.6.0 | Oct 19, 2023 | There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter. Of particular c |
| CVE-2022-37435 | — | | | >= 2.4.2, < 2.5.0 | 2.5.0 | Sep 1, 2022 | Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3. |
| CVE-2022-23945 | — | | | >= 2.4.0, < 2.4.2 | 2.4.2 | Jan 25, 2022 | Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1. |
| CVE-2022-23944 | — | | | >= 2.4.0, < 2.4.2 | 2.4.2 | Jan 25, 2022 | User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1. |
| CVE-2022-23223 | — | | | >= 2.4.0, < 2.4.2 | 2.4.2 | Jan 25, 2022 | On Apache ShenYu versions 2.4.0 and 2.4.1, an endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later. |
| CVE-2021-45029 | — | | | >= 2.4.0, < 2.4.2 | 2.4.2 | Jan 25, 2022 | Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1. |