Description
Groovy code injection and SpEL injection, which lead to remote code execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
Remediation
References
https://lists.apache.org/thread/3zzmwvg3012tg306x8o893fvdcssx639
http://www.openwall.com/lists/oss-security/2022/01/25/8
http://www.openwall.com/lists/oss-security/2022/01/26/1