oss-sec mailing list archives
CVE-2022-23944: Apache ShenYu 2.4.1 Improper access control
From: Zhang Yonglun <zhangyonglun () apache org>
Date: Tue, 25 Jan 2022 19:39:06 +0800
Description: User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1. -- Zhang Yonglun Apache ShenYu (Incubating) Apache ShardingSphere
Current thread:
- CVE-2022-23944: Apache ShenYu 2.4.1 Improper access control Zhang Yonglun (Jan 25)
- Re: CVE-2022-23944: Apache ShenYu 2.4.1 Improper access control Alan Coopersmith (Jan 25)