Description
In Apache ShenYu versions 2.4.0 and 2.4.1, an endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/01/25/7
http://www.openwall.com/lists/oss-security/2022/01/26/4
https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s
Related Vulnerabilities
CVE-2023-46604 Vulnerability in maven package org.apache.activemq:activemq-openwire-legacy
CVE-2023-24162 Vulnerability in maven package cn.hutool:hutool-all
CVE-2020-7708 Vulnerability in npm package @irrelon/path
CVE-2020-17510 Vulnerability in maven package org.apache.shiro:shiro-spring-boot-web-starter
CVE-2023-38704 Vulnerability in npm package import-in-the-middle