退订 On Wed, 15 Feb 2023 at 11:19, Zhang Yonglun <zhangyong...@apache.org> wrote:
> Severity: low > > Description: > > Improper Privilege Management vulnerability in Apache Software > Foundation Apache ShenYu. > > ShenYu Admin allows low-privilege low-level administrators create > users with higher privileges than their own. > > This issue affects Apache ShenYu: 2.5.0. > > Work Arounds: > > Upgrade to Apache ShenYu 2.5.1 or apply patch > https://github.com/apache/shenyu/pull/3958. > > Credit: > > xxhzz (finder) > > References: > > https://shenyu.apache.org > https://www.cve.org/CVERecord?id=CVE-2022-42735 > > -- > > Zhang Yonglun > Apache ShenYu & ShardingSphere >
