Apache ShenYu is an asynchronous, high-performance, cross-language, responsive API gateway from the Apache Foundation.Apache ShenYu is vulnerable to code injection in versions 2.4.0 and 2.4.1, which stems from a design or implementation impropriety in the code development process of a web-based system or product. An attacker could exploit the vulnerability to cause Groovy code injection and SpEL injection for remote code execution.