CVE-2022-23223 Vulnerability in maven package org.apache.shenyu:shenyu-common

Description

On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later.

Remediation

References

https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s

http://www.openwall.com/lists/oss-security/2022/01/25/7

http://www.openwall.com/lists/oss-security/2022/01/26/4

Related Vulnerabilities

CVE-2020-26870 Vulnerability in maven package org.webjars.bower:dompurify

CVE-2022-41930 Vulnerability in maven package org.xwiki.platform:xwiki-platform-user-profile-ui

CVE-2021-45458 Vulnerability in maven package org.apache.kylin:kylin-core-common

CVE-2020-6467 Vulnerability in npm package electron

CVE-2020-11998 Vulnerability in maven package org.apache.activemq:activemq-broker

Severity

High

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N