CVE-2022-23223: Password leakage in Apache ShenYu

2022-01-25 Thread Zhang Yonglun
Description: The HTTP response will disclose the user password. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

--
Zhang Yonglun
Apache ShenYu (Incubating)
Apache ShardingSphere

Re: Password leakage in Apache Shenyu

2022-01-03 Thread Mark J Cox
Hi, was this a security issue? If so we should allocate a CVE name and follow https://s.apache.org/cveprocess

Regards, Mark J Cox
ASF Security

On Wed, Nov 24, 2021 at 7:17 AM XiaoYu wrote:
> Hi gregory and security team
>
> First of all, thank you very much for your help.
> This problem, we

Re: Password leakage in Apache Shenyu

2021-11-23 Thread XiaoYu
Hi gregory and security team

First of all, thank you very much for your help. This problem, we have completely fixed it, and the fix will be in the next release: https://github.com/apache/incubator-shenyu/pull/2357

Regards
xiaoyu

Apache Security Team

Re: Password leakage in Apache Shenyu

2021-11-23 Thread Apache Security Team
Please note that when you send mail to dev@shenyu it becomes public immediately. This is not the correct way to report a security issue. Please see https://apache.org/security/ for the correct way to report possible security issues.

Regards, Mark

On Tue, Nov 23, 2021 at 9:20 AM gregory draperi

Password leakage in Apache Shenyu

2021-11-23 Thread gregory draperi
Dear Developers of Apache Shenyu,

I am reaching out to you as I was reviewing your application and there is a password leakage in the application. It means that when a user requests the following URL "dashboardUser?currentPage=1=12", the response will disclose all the passwords of the users.