Apache · Apache Shenyu · CVE-2023-25753
**Name of the Vulnerable Software and Affected Versions**
Apache ShenYu version 2.5.1
**Description**
There is an SSRF (Server-Side Request Forgery) vulnerability in the `/sandbox/proxyGateway` endpoint. The endpoint forwards a request to whatever URL is supplied in the `requestUrl` parameter and returns the response to the caller, and the caller also controls the HTTP method, cookies, IP address, and headers of the forwarded request. Anyone who can reach the endpoint can therefore make the ShenYu server send complete, attacker-chosen HTTP requests to any host it can reach, including internal services and metadata endpoints that are not exposed to the attacker directly, and read back the responses.
**Recommendations**
Upgrade to Apache ShenYu 2.6.0, which fixes the issue, or apply the patch.
As a temporary workaround, block or restrict access to the `/sandbox/proxyGateway` endpoint (for example, to trusted administrators on a trusted network) until the fix is applied, and do not pass untrusted input to its `requestUrl` parameter.
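The advisory describes the classic shape of a proxy SSRF: the server forwards a caller-supplied URL, method, headers and cookies unchanged. The following is an added example of how such a forwarding endpoint is hardened; it is illustrative code written for this page, not ShenYu's own code or its fix. Function names (`validate_target`, `plan_forward`, `ProxyPolicy`), the constructed DNS records in `FAKE_DNS`, and the stand-in public address `8.8.8.8` are all assumptions for the demonstration. The check rejects non-HTTP schemes, URLs carrying userinfo, literal or resolved addresses that are not public (loopback, RFC 1918, link-local such as 169.254.169.254, IPv4-mapped IPv6), and hosts outside an optional allowlist; it checks every DNS answer rather than the first, and it returns the validated IP so the caller can connect to that address instead of resolving again (which is what defeats DNS rebinding). It also constrains the method and refuses to let the caller set the `Host` header.

```python
"""Added illustration of destination validation for a URL-forwarding endpoint.
Not ShenYu code: the names, policy and sample DNS data below are assumptions."""
from __future__ import annotations

import ipaddress
import socket
from dataclasses import dataclass
from typing import Callable, Optional, Union
from urllib.parse import urlsplit

Resolver = Callable[[str], list[str]]
IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def system_resolver(host: str) -> list[str]:
    """Every A/AAAA answer the OS resolver returns for host (raises OSError on failure).
    Resolving via the OS also normalises odd spellings such as '127.1' or '2130706433'."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


class SsrfRejected(ValueError):
    """Raised when a forwarded request would reach a disallowed destination."""


@dataclass(frozen=True)
class ProxyPolicy:
    allowed_hosts: Optional[frozenset[str]] = None  # None: any host with only public addresses
    allowed_methods: frozenset[str] = frozenset({"GET", "POST"})
    resolver: Resolver = system_resolver


def _is_public(ip: IPAddress) -> bool:
    """Public unicast only: rejects loopback, private, link-local, unspecified, multicast."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:127.0.0.1 as 127.0.0.1
    return ip.is_global and not ip.is_multicast


def validate_target(request_url: str, policy: ProxyPolicy) -> tuple[str, str]:
    """Return (hostname, ip_to_connect_to) for an acceptable URL, else raise SsrfRejected."""
    try:
        parts = urlsplit(request_url)
        host = parts.hostname  # lower-cased, brackets stripped from IPv6 literals
    except ValueError as e:
        raise SsrfRejected(f"unparseable URL: {e}") from e
    if parts.scheme not in ("http", "https"):
        raise SsrfRejected(f"scheme not allowed: {parts.scheme!r}")
    if not host:
        raise SsrfRejected("missing host")
    if parts.username is not None or parts.password is not None:
        raise SsrfRejected("userinfo in URL not allowed")  # e.g. http://trusted@127.0.0.1/
    host = host.rstrip(".")
    if policy.allowed_hosts is not None and host not in policy.allowed_hosts:
        raise SsrfRejected(f"host not in allowlist: {host}")
    try:
        addrs: list[IPAddress] = [ipaddress.ip_address(host)]  # literal IP, no DNS involved
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in policy.resolver(host)]
        except (OSError, ValueError) as e:
            raise SsrfRejected(f"cannot resolve {host}: {e}") from e
    if not addrs:
        raise SsrfRejected(f"no addresses for {host}")
    for ip in addrs:  # every answer must be public, not just the first one
        if not _is_public(ip):
            raise SsrfRejected(f"{host} resolves to non-public address {ip}")
    return host, str(addrs[0])


def plan_forward(request_url: str, method: str, headers: dict[str, str],
                 policy: ProxyPolicy) -> dict:
    """The vulnerable pattern forwards url, method and headers exactly as received.
    This hardened version validates the target, pins the resolved IP for the connection,
    restricts the method and replaces any caller-supplied Host header."""
    host, ip = validate_target(request_url, policy)
    method = method.upper()
    if method not in policy.allowed_methods:
        raise SsrfRejected(f"method not allowed: {method}")
    fwd_headers = {k: v for k, v in headers.items() if k.lower() != "host"}
    fwd_headers["Host"] = host
    return {"url": request_url, "connect_ip": ip, "method": method, "headers": fwd_headers}


def rejection_reason(request_url: str, policy: ProxyPolicy, method: str = "GET",
                     headers: Optional[dict[str, str]] = None) -> Optional[str]:
    """None if the request would be forwarded, otherwise the reason it was refused."""
    try:
        plan_forward(request_url, method, headers or {}, policy)
        return None
    except SsrfRejected as e:
        return str(e)


# Constructed sample DNS records so the example runs offline; not real hosts.
FAKE_DNS = {
    "api.partner.example": ["8.8.8.8"],                 # stand-in public address
    "intranet.corp.example": ["10.0.0.5"],              # RFC 1918
    "rebind.attacker.example": ["8.8.8.8", "127.0.0.1"],  # one public, one loopback answer
}


def fake_resolver(host: str) -> list[str]:
    try:
        return FAKE_DNS[host]
    except KeyError:
        raise socket.gaierror(f"NXDOMAIN {host}") from None


if __name__ == "__main__":
    policy = ProxyPolicy(resolver=fake_resolver)
    for url in ("http://api.partner.example/v1/users", "http://169.254.169.254/latest/meta-data/",
                "http://[::ffff:127.0.0.1]:8080/", "file:///etc/passwd",
                "http://intranet.corp.example/admin", "http://rebind.attacker.example/"):
        print(f"{url:45} -> {rejection_reason(url, policy) or 'forward'}")
```

When the connection is pinned to `connect_ip`, the client must still send the original hostname as the `Host` header and, for HTTPS, as the SNI name and certificate-verification name; the public/private classification uses Python's `ipaddress` registry of special-purpose ranges, so documentation ranges such as `203.0.113.0/24` are also refused.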