<!--X-Body-Begin-->
<!--X-User-Header-->
oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
By Date
By Thread
</form>
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
CVE-2021-45029: Groovy Code Injection & SpEL Injection in Apache ShenYu 2.4.1
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
From: Zhang Yonglun <zhangyonglun () apache org>
Date: Tue, 25 Jan 2022 19:53:03 +0800
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Description:
Groovy Code Injection & SpEL Injection which lead to Remote Code
Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
--
Zhang Yonglun
Apache ShenYu (Incubating)
Apache ShardingSphere
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
By Date
By Thread
Current thread:
CVE-2021-45029: Groovy Code Injection & SpEL Injection in Apache ShenYu 2.4.1 Zhang Yonglun (Jan 25)
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->