Lucene search
Veracode Vulnerability DatabaseVERACODE:33892HistoryJan 26, 2022 - 3:50 a.m.
Information Disclosure
2022-01-2603:50:09
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
information disclosure
shenyu-plugin-cryptor
credentials
library
http response
vulnerability
EPSS
0.002
Percentile
59.2%
shenyu-plugin-cryptor is vulnerable to information disclosure. The vulnerability exists due to the insufficiently protected credentials in the library, allowing an attacker to gain users sensitive information through the HTTP response.
References
www.openwall.com/lists/oss-security/2022/01/25/7
www.openwall.com/lists/oss-security/2022/01/26/4
github.com/apache/incubator-shenyu/commit/29cb757d23306e2f7dda6f71f45ac2e76545e709
github.com/apache/incubator-shenyu/pull/2302
lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s
www.openwall.com/lists/oss-security/2022/01/25/7
Related
nvd
nvd
CVE-2022-23223
2022-01-25 13:15:08
cnvd
cnvd
Apache ShenYu Information Disclosure Vulnerability
2022-01-27 00:00:00
github
github
Password exposure in ShenYu
2022-01-28 22:13:57
osv
osv
Password exposure in ShenYu
2022-01-28 22:13:57
CVE-2022-23223
2022-01-25 13:15:08
prion
prion
Code injection
2022-01-25 13:15:00
cve
cve
CVE-2022-23223
2022-01-25 13:15:08
cvelist
cvelist
CVE-2022-23223 Apache ShenYu Password leakage
2022-01-25 13:00:22