Vulnerabilities > Apache > Shenyu > 2.4.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-17 | CVE-2022-26650 | Unspecified vulnerability in Apache Shenyu 2.4.0/2.4.1/2.4.2: In Apache ShenYu, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. | 7.5 |
2022-01-25 | CVE-2021-45029 | Code Injection vulnerability in Apache Shenyu 2.4.0/2.4.1: Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. | 9.8 |
2022-01-25 | CVE-2022-23223 | Insufficiently Protected Credentials vulnerability in Apache Shenyu 2.4.0/2.4.1: On Apache ShenYu versions 2.4.0 and 2.4.1, an endpoint existed that disclosed the passwords of all users. | 7.5 |
2022-01-25 | CVE-2022-23944 | Missing Authentication for Critical Function vulnerability in Apache Shenyu 2.4.0/2.4.1: A user can access the /plugin API without authentication. | 9.1 |
2022-01-25 | CVE-2022-23945 | Missing Authentication for Critical Function vulnerability in Apache Shenyu 2.4.0/2.4.1: Missing authentication on ShenYu Admin when registering by HTTP. | 7.5 |
2021-11-16 | CVE-2021-37580 | Improper Authentication vulnerability in Apache Shenyu 2.3.0/2.4.0: A flaw was found in Apache ShenYu Admin. | 9.8 |