Description
Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
Remediation
References
https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s
http://www.openwall.com/lists/oss-security/2022/01/25/6
http://www.openwall.com/lists/oss-security/2022/01/26/3
Related Vulnerabilities
CVE-2022-36084 Vulnerability in npm package cruddl
CVE-2022-3509 Vulnerability in maven package com.google.protobuf:protobuf-javalite
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http_2.13
CVE-2023-47327 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web
CVE-2021-36152 Vulnerability in maven package org.apache.gobblin:gobblin-core