GHSA-7wq4-89xx-g62j

Suggest an improvement
Source
https://github.com/advisories/GHSA-7wq4-89xx-g62j
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-7wq4-89xx-g62j/GHSA-7wq4-89xx-g62j.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-7wq4-89xx-g62j
Aliases
Published
2022-01-28T22:13:57Z
Modified
2024-02-16T05:24:49.082961Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Password exposure in ShenYu
Details

On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later.

Database specific
{
    "nvd_published_at": "2022-01-25T13:15:00Z",
    "cwe_ids": [
        "CWE-522"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-26T22:42:18Z"
}
References

Affected packages

Maven / org.apache.shenyu:shenyu-common

Package

Name
org.apache.shenyu:shenyu-common
View open source insights on deps.dev
Purl
pkg:maven/org.apache.shenyu/shenyu-common

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.4.0
Fixed
2.4.2

Affected versions

2.*

2.4.0
2.4.1