oss-sec mailing list archives

CVE-2021-45029: Groovy Code Injection & SpEL Injection in Apache ShenYu 2.4.1

From: Zhang Yonglun <zhangyonglun () apache org>
Date: Tue, 25 Jan 2022 19:53:03 +0800

Description:

Groovy Code Injection & SpEL Injection which lead to Remote Code
Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

--

Zhang Yonglun
Apache ShenYu (Incubating)
Apache ShardingSphere

Current thread:

CVE-2021-45029: Groovy Code Injection & SpEL Injection in Apache ShenYu 2.4.1 Zhang Yonglun (Jan 25)