.
Upgrade to Apache ShenYu 2.6.0 or apply patch
https://github.com/apache/shenyu/pull/4776 .
Credit:
by3 (finder)
References:
https://shenyu.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-25753
--
Zhang Yonglun
Apache ShenYu & ShardingSphere
to Apache ShenYu 2.5.1 or apply patch
https://github.com/apache/shenyu/pull/3958.
Credit:
xxhzz (finder)
References:
https://sling.apache.org/news.html
https://shenyu.apache.org
https://www.cve.org/CVERecord?id=CVE-2022-42735
--
Zhang Yonglun
Apache ShenYu & ShardingSphere
://github.com/apache/shenyu/pull/3658.
Credit:
Apache ShenYu would like to thank Lulu Gu for reporting this issue.
--
Zhang Yonglun
Apache ShenYu
Apache ShardingSphere
of NSFOCUS security team
for reporting this issue.
--
Zhang Yonglun
Apache ShenYu (Incubating)
Apache ShardingSphere
Zhang Yonglun 于2022年5月17日周二 13:52写道:
>
> Severity: moderate
>
> Description:
>
> In ShenYu-Bootstrap there's RegexPredicateJudge.java which uses
and
characters causing a resource exhaustion.
This issue affects Apache ShenYu (incubating) 2.4.0, 2.4.1 and 2.4.2.
Mitigation:
Upgrade to Apache ShenYu (incubating) 2.4.3 or apply patch
https://github.com/apache/incubator-shenyu/pull/2975.
--
Zhang Yonglun
Apache ShenYu (Incubating)
Apache
list: d...@shardingsphere.apache.org
- Documents: https://shardingsphere.apache.org/document/current/
- Apache ShardingSphere Team
--
Zhang Yonglun
Apache ShardingSphere