PT-2022-1763 · Apache · Apache Shenyu
Zhang Yonglun · Published 2022-01-25 · Updated 2023-10-16
CVE-2022-23223
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Apache ShenYu versions 2.4.0 through 2.4.1
Description
The issue is related to insufficient protection of registration data, allowing a remote attacker to obtain user registration data using a specially crafted HTTP request. This can lead to the disclosure of user passwords. The estimated number of potentially affected devices is not specified.
Recommendations
For Apache ShenYu versions 2.4.0 and 2.4.1, upgrade to version 2.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected endpoint to minimize the risk of exploitation. Avoid using the affected HTTP endpoint until the issue is resolved.
Exploit
Fix
Weakness Enumeration
Insufficiently Protected Credentials
Affected Products
Apache Shenyu