Lucene search
China National Vulnerability DatabaseCNVD-2022-08191HistoryJan 27, 2022 - 12:00 a.m.
Apache ShenYu Code Injection Vulnerability
2022-01-2700:00:00
China National Vulnerability Database
www.cnvd.org.cn
5
apache shenyu
code injection
vulnerability
version 2.4.0
version 2.4.1
design impropriety
implementation impropriety
web-based system
product
attacker
exploit
groovy code
spel injection
remote code execution
cnvd
EPSS
0.013
Percentile
86.1%
Apache ShenYu is an asynchronous, high-performance, cross-language, responsive API gateway from the Apache Foundation.Apache ShenYu is vulnerable to code injection in versions 2.4.0 and 2.4.1, which stems from a design or implementation impropriety in the code development process of a web-based system or product. An attacker could exploit the vulnerability to cause Groovy code injection and SpEL injection for remote code execution.
Related
osv
osv
Code injection in ShenYu
2022-01-28 22:13:27
CVE-2021-45029
2022-01-25 13:15:07
prion
prion
Code injection
2022-01-25 13:15:00
github
github
Code injection in ShenYu
2022-01-28 22:13:27
nvd
nvd
CVE-2021-45029
2022-01-25 13:15:07
cve
cve
CVE-2021-45029
2022-01-25 13:15:07
veracode
veracode
Remote Code Execution (RCE)
2022-01-26 04:44:15
cvelist
cvelist
CVE-2021-45029 Apache ShenYu 2.4.1 Groovy Code Injection & SpEL Injection
2022-01-25 13:00:21