
CVE-2022-37435 – Apache ShenYu Admin Improper Privilege Management
https://notcve.org/view.php?id=CVE-2022-37435
01 Sep 2022 — Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrators' passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3. • https://lists.apache.org/thread/ndblyxr2fdrvjtgbs1bogxgv2cgk7t28 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVE-2022-26650 – Apache ShenYu (incubating) Regular expression denial of service
https://notcve.org/view.php?id=CVE-2022-26650
17 May 2022 — In Apache ShenYu, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. This can let an attacker pass in malicious regular expressions and characters, causing resource exhaustion. This issue affects Apache ShenYu (incubating) 2.4.0, 2.4.1 and 2.4.2 and is fixed in 2.4.3. • http://www.openwall.com/lists/oss-security/2022/05/17/3 • CWE-1333: Inefficient Regular Expression Complexity