Description
Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/01/25/6
http://www.openwall.com/lists/oss-security/2022/01/26/3
https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s
Related Vulnerabilities
CVE-2021-41086 Vulnerability in npm package jsuites
CVE-2019-10385 Vulnerability in maven package org.jenkins-ci.plugins:eggplant-plugin
CVE-2020-7656 Vulnerability in maven package org.webjars:jquery
CVE-2014-3600 Vulnerability in maven package org.apache.activemq:apache-activemq
CVE-2020-5259 Vulnerability in maven package org.webjars.bowergithub.dojo:dojox