oss-sec mailing list archives
CVE-2022-23223: Apache ShenYu (incubating) Password leakage
From: Zhang Yonglun <zhangyonglun () apache org>
Date: Wed, 26 Jan 2022 14:46:17 +0800
Severity: moderate

Description:

The HTTP response will disclose the user password. When users send the request like the following URL "dashboardUser?currentPage=1&pageSize=12", the response will disclose all the passwords of the users.

This issue affects Apache ShenYu (incubating) 2.4.0 and 2.4.1.

Mitigation:

Upgrade to Apache ShenYu (incubating) 2.4.2 or apply patch https://github.com/apache/incubator-shenyu/pull/2357.

--
Zhang Yonglun
Apache ShenYu (Incubating)
Apache ShardingSphere
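A regression check an operator could run over a saved response body from the user-listing request after upgrading, reporting any credential-like field that is still populated. This is an added example, not part of the advisory or of ShenYu's code; the JSON shape, the field names and the sample values are constructed assumptions, since the advisory does not show the response.

```python
import json

# Substrings that mark a key as credential-like (assumption: the advisory
# does not name the field that carries the password in the response).
CREDENTIAL_MARKERS = ("password", "passwd", "pwd")


def find_credential_fields(node, path="$"):
    """Return the JSON paths of credential-like keys holding a non-empty string."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            named_like_credential = any(m in key.lower() for m in CREDENTIAL_MARKERS)
            # Only populated strings count: null, "" or a boolean flag leak nothing.
            if named_like_credential and isinstance(value, str) and value:
                hits.append(child)
            else:
                hits.extend(find_credential_fields(value, child))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            hits.extend(find_credential_fields(item, f"{path}[{index}]"))
    return hits


def audit_response(body_text):
    """Parse a saved response body; raises ValueError if it is not JSON."""
    return find_credential_fields(json.loads(body_text))


# Constructed sample bodies (hypothetical shape, placeholder values).
LEAKY_BODY = json.dumps({"code": 200, "data": {"dataList": [
    {"id": "1", "userName": "admin", "password": "EXAMPLE-VALUE-1", "enabled": True},
    {"id": "2", "userName": "ops", "password": "EXAMPLE-VALUE-2", "enabled": True},
]}})
CLEAN_BODY = json.dumps({"code": 200, "data": {"dataList": [
    {"id": "1", "userName": "admin", "password": None, "enabled": True},
    {"id": "2", "userName": "ops", "enabled": True},
]}})

if __name__ == "__main__":
    for label, body in (("leaky", LEAKY_BODY), ("clean", CLEAN_BODY)):
        print(label, audit_response(body))
```
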