Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Apache Subscribe
Filtered by product Shenyu
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-42735 1 Apache 1 Shenyu 2023-02-24 N/A 8.8 HIGH
Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958 https://github.com/apache/shenyu/pull/3958 .
CVE-2022-37435 1 Apache 1 Shenyu 2022-09-09 N/A 8.8 HIGH
Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3.
CVE-2022-26650 1 Apache 1 Shenyu 2022-05-25 5.0 MEDIUM 7.5 HIGH
In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource exhaustion. This issue affects Apache ShenYu (incubating) 2.4.0, 2.4.1 and 2.4.2 and is fixed in 2.4.3.
CVE-2022-23945 1 Apache 1 Shenyu 2022-02-01 5.0 MEDIUM 7.5 HIGH
Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
CVE-2022-23944 1 Apache 1 Shenyu 2022-02-01 6.4 MEDIUM 9.1 CRITICAL
User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
CVE-2022-23223 1 Apache 1 Shenyu 2022-02-01 5.0 MEDIUM 7.5 HIGH
The HTTP response will disclose the user password. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
CVE-2021-45029 1 Apache 1 Shenyu 2022-01-28 7.5 HIGH 9.8 CRITICAL
Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
CVE-2021-37580 1 Apache 1 Shenyu 2021-11-17 7.5 HIGH 9.8 CRITICAL
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0