Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2022-23223

Source

                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
CVE-2022-23223: Apache ShenYu (incubating) Password leakage

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Zhang Yonglun &lt;zhangyonglun () apache org&gt;

Date: Wed, 26 Jan 2022 14:46:17 +0800

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Severity: moderate

Description:

The HTTP response will disclose the user password.
When users send the request like the following URL
"dashboardUser?currentPage=1&amp;pageSize=12", the response will disclose
all the passwords of the users.
This issue affects Apache ShenYu (incubating) 2.4.0 and 2.4.1.

Mitigation:

Upgrade to Apache ShenYu (incubating) 2.4.2 or apply patch
https://github.com/apache/incubator-shenyu/pull/2357.

--

Zhang Yonglun
Apache ShenYu (Incubating)
Apache ShardingSphere

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

CVE-2022-23223: Apache ShenYu (incubating) Password leakage Zhang Yonglun (Jan 26)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-23223: Apache ShenYu (incubating) Password leakage

Vulmon Search

About

Products

Connect