Skip to main content

Shenyu

4 CVEs product

Monthly

CVE-2023-25753 Maven MEDIUM PATCH This Month

There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SSRF Shenyu
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-37435 Maven HIGH PATCH This Week

Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords.4.2 and 2.4.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Apache Information Disclosure Shenyu
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-26650 Maven HIGH PATCH This Week

In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Apache Shenyu
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-37580 Maven CRITICAL POC PATCH THREAT Act Now

A flaw was found in Apache ShenYu Admin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Shenyu
NVD
CVSS 3.1
9.8
EPSS
40.1%
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SSRF Shenyu
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords.4.2 and 2.4.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Apache Information Disclosure Shenyu
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Apache +1
NVD
EPSS 40% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

A flaw was found in Apache ShenYu Admin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Shenyu
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy