PT-2022-1573 · Apache · Apache Shenyu

Zhang Yonglun · Published 2022-01-25 · Updated 2022-01-28 · CVE-2021-45029

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Apache ShenYu versions 2.4.0 through 2.4.1

Description: The issue stems from incorrect management of code generation, which allows a remote attacker to execute arbitrary code through Groovy code injection or SpEL injection, leading to Remote Code Execution.

Recommendations: For Apache ShenYu versions 2.4.0 and 2.4.1, consider disabling the Groovy code injection and SpEL injection functionality until a patch is available, and restrict access to the affected components to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection


Weakness Enumeration

Related Identifiers

BDU:2022-00791
CVE-2021-45029
GHSA-GH38-X2WM-XMC8

Affected Products

Apache Shenyu