Homepage
About Snyk

org.apache.shenyu:shenyu-admin@2.5.0 vulnerabilities

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.apache.shenyu:shenyu-admin package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Server-side Request Forgery (SSRF)

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the /sandbox/proxyGateway endpoint. An attacker can manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter. This effectively grants the attacker the capability to dispatch complete HTTP requests to hosts of their choosing.

Note:

This is only exploitable if the HTTP method, cookies, IP address, and headers are under the attacker's control.

How to fix Server-side Request Forgery (SSRF)?

Upgrade org.apache.shenyu:shenyu-admin to version 2.6.0 or higher.

[,2.6.0)
  • M
Improper Privilege Management

Affected versions of this package are vulnerable to Improper Privilege Management by allowing low-privilege low-level administrators to create users with higher privileges than their own.

How to fix Improper Privilege Management?

Upgrade org.apache.shenyu:shenyu-admin to version 2.5.1 or higher.

[,2.5.1)
Go back to all versions of this package