CVE-2022-23223 Vulnerability in maven package org.apache.shenyu:shenyu-common

Description

On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/01/25/7

http://www.openwall.com/lists/oss-security/2022/01/26/4

https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s

Related Vulnerabilities

CVE-2023-46604 Vulnerability in maven package org.apache.activemq:activemq-openwire-legacy

CVE-2023-24162 Vulnerability in maven package cn.hutool:hutool-all

CVE-2020-7708 Vulnerability in npm package @irrelon/path

CVE-2020-17510 Vulnerability in maven package org.apache.shiro:shiro-spring-boot-web-starter

CVE-2023-38704 Vulnerability in npm package import-in-the-middle

Severity

High

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N