CVE-2023-25753: Server-Side Request Forgery in Apache ShenYu

2023-10-19 Thread Zhang Yonglun
. Upgrade to Apache ShenYu 2.6.0 or apply patch https://github.com/apache/shenyu/pull/4776 . Credit: by3 (finder) References: https://shenyu.apache.org https://www.cve.org/CVERecord?id=CVE-2023-25753 -- Zhang Yonglun Apache ShenYu & ShardingSphere

CVE-2022-42735: Apache ShenYu Admin ultra vires

2023-02-15 Thread Zhang Yonglun
to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958. Credit: xxhzz (finder) References: https://sling.apache.org/news.html https://shenyu.apache.org https://www.cve.org/CVERecord?id=CVE-2022-42735 -- Zhang Yonglun Apache ShenYu & ShardingSphere

CVE-2022-37435: Apache ShenYu Admin Improper Privilege Management

2022-09-01 Thread Zhang Yonglun
://github.com/apache/shenyu/pull/3658. Credit: Apache ShenYu would like to thank Lulu Gu for reporting this issue. -- Zhang Yonglun Apache ShenYu Apache ShardingSphere

Re: CVE-2022-26650: Apache ShenYu (incubating) Regular expression denial of service

2022-05-18 Thread Zhang Yonglun
of NSFOCUS security team for reporting this issue. -- Zhang Yonglun Apache ShenYu (Incubating) Apache ShardingSphere Zhang Yonglun wrote on Tue, May 17, 2022 at 13:52: > > Severity: moderate > > Description: > > In ShenYu-Bootstrap there's RegexPredicateJudge.java which uses

CVE-2022-26650: Apache ShenYu (incubating) Regular expression denial of service

2022-05-17 Thread Zhang Yonglun
and characters causing a resource exhaustion. This issue affects Apache ShenYu (incubating) 2.4.0, 2.4.1 and 2.4.2. Mitigation: Upgrade to Apache ShenYu (incubating) 2.4.3 or apply patch https://github.com/apache/incubator-shenyu/pull/2975. -- Zhang Yonglun Apache ShenYu (Incubating) Apache

[ANNOUNCE] Apache ShardingSphere UI 4.1.0 available

2020-05-10 Thread Zhang Yonglun
list: d...@shardingsphere.apache.org - Documents: https://shardingsphere.apache.org/document/current/ - Apache ShardingSphere Team -- Zhang Yonglun Apache ShardingSphere