shenyu-plugin-cryptor is vulnerable to information disclosure. The vulnerability exists due to the insufficiently protected credentials in the library, allowing an attacker to gain users sensitive information through the HTTP response.
www.openwall.com/lists/oss-security/2022/01/25/7
www.openwall.com/lists/oss-security/2022/01/26/4
github.com/apache/incubator-shenyu/commit/29cb757d23306e2f7dda6f71f45ac2e76545e709
github.com/apache/incubator-shenyu/pull/2302
lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s
www.openwall.com/lists/oss-security/2022/01/25/7