CVE-2021-45029

Summary

Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache ShenYu (incubating)Apache ShenYu (incubating) < 2.4.2affected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CVE Program Container

Additional References

References