Description

On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/01/25/7

http://www.openwall.com/lists/oss-security/2022/01/26/4

https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s

Related Vulnerabilities

CVE-2013-7381 Vulnerability in npm package libnotify

CVE-2019-10249 Vulnerability in maven package org.eclipse.xtext:org.eclipse.xtext.maven.parent

CVE-2020-15242 Vulnerability in npm package next

CVE-2019-19771 Vulnerability in npm package path-to-regxep

CVE-2023-25765 Vulnerability in maven package org.jenkins-ci.plugins:email-ext

Severity

High

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Exploit Patch Vendor Advisory