oss-sec mailing list archives

CVE-2022-23944: Apache ShenYu 2.4.1 Improper access control

From: Zhang Yonglun <zhangyonglun () apache org>
Date: Tue, 25 Jan 2022 19:39:06 +0800

Description:

User can access /plugin api without authentication. This issue
affected Apache ShenYu 2.4.0 and 2.4.1.


--

Zhang Yonglun
Apache ShenYu (Incubating)
Apache ShardingSphere

Current thread:

CVE-2022-23944: Apache ShenYu 2.4.1 Improper access control Zhang Yonglun (Jan 25)
- Re: CVE-2022-23944: Apache ShenYu 2.4.1 Improper access control Alan Coopersmith (Jan 25)