oss-sec mailing list archives

CVE-2022-23223: Apache ShenYu (incubating) Password leakage


From: Zhang Yonglun <zhangyonglun () apache org>
Date: Wed, 26 Jan 2022 14:46:17 +0800

Severity: moderate

Description:

The HTTP response will disclose the user password.
When a user sends a request such as
"dashboardUser?currentPage=1&pageSize=12", the response will disclose
the passwords of all users.
This issue affects Apache ShenYu (incubating) 2.4.0 and 2.4.1.

Mitigation:

Upgrade to Apache ShenYu (incubating) 2.4.2 or apply the patch at
https://github.com/apache/incubator-shenyu/pull/2357.


--

Zhang Yonglun
Apache ShenYu (Incubating)
Apache ShardingSphere
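
A post-upgrade regression check for the leak described above, as an added example that is not part of the original advisory or of ShenYu's code. It walks a JSON body returned by the user listing and reports every path that still carries a non-empty password-like field. The response layout, field names and sample bodies are constructed assumptions, since the advisory does not show the response format.

```python
import json

# Substrings that mark a key as credential-bearing (assumed; adjust to your schema).
SENSITIVE_MARKERS = ("password", "passwd", "pwd")


def find_credential_fields(node, path="$"):
    """Return JSON paths of non-empty values stored under password-like keys."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            is_sensitive = any(m in key.lower() for m in SENSITIVE_MARKERS)
            if is_sensitive and value not in (None, "", [], {}):
                hits.append(child)
            else:
                hits.extend(find_credential_fields(value, child))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            hits.extend(find_credential_fields(item, f"{path}[{index}]"))
    return hits


def check_response(body):
    """Parse a response body and list the credential fields it exposes."""
    return find_credential_fields(json.loads(body))


# Constructed sample bodies (hypothetical layout, placeholder values).
LEAKY_BODY = json.dumps({
    "code": 200,
    "data": {
        "page": {"currentPage": 1, "pageSize": 12},
        "dataList": [
            {"userName": "admin", "password": "<constructed-value>", "role": 1},
            {"userName": "ops", "password": "<constructed-value>", "role": 0},
        ],
    },
})
FIXED_BODY = json.dumps({
    "code": 200,
    "data": {
        "page": {"currentPage": 1, "pageSize": 12},
        "dataList": [{"userName": "admin", "role": 1}, {"userName": "ops", "role": 0}],
    },
})

if __name__ == "__main__":
    for name, body in (("2.4.0/2.4.1-style", LEAKY_BODY), ("patched-style", FIXED_BODY)):
        print(name, check_response(body) or "no credential fields")
```

Run against a saved response from your own deployment, an empty result is the expected outcome after upgrading to 2.4.2 or applying the patch.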

