On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later.
{
"cwe_ids": [
"CWE-522"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23223.json",
"cna_assigner": "apache",
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "Apache ShenYu (incubating)"
},
{
"fixed": "2.4.2"
}
],
"source": "AFFECTED_FIELD"
}
]
}{
"cpe": [
"cpe:2.3:a:apache:shenyu:2.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:shenyu:2.4.1:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "2.4.0"
},
{
"last_affected": "2.4.0"
},
{
"introduced": "2.4.1"
},
{
"last_affected": "2.4.1"
}
],
"source": "CPE_STRING"
}