In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource exhaustion. This issue affects Apache ShenYu (incubating) 2.4.0, 2.4.1 and 2.4.2 and is fixed in 2.4.3.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache shenyu 2.4.0 |
||
apache shenyu 2.4.1 |
||
apache shenyu 2.4.2 |