Vulnerabilities > Apache > Shenyu > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-01-25 CVE-2022-23944 Missing Authentication for Critical Function vulnerability in Apache Shenyu 2.4.0/2.4.1
User can access /plugin api without authentication.
network
low complexity
apache CWE-306
critical
 9.1
9.1
2022-01-25 CVE-2021-45029 Code Injection vulnerability in Apache Shenyu 2.4.0/2.4.1
Groovy Code Injection & SpEL Injection which lead to Remote Code Execution.
network
low complexity
apache CWE-94
critical
 9.8
9.8
2021-11-16 CVE-2021-37580 Improper Authentication vulnerability in Apache Shenyu 2.3.0/2.4.0
A flaw was found in Apache ShenYu Admin.
network
low complexity
apache CWE-287
critical
 9.8
9.8