List: oss-security
Subject: Re: [oss-security] CVE-2022-23944: Apache ShenYu 2.4.1 Improper access control
From: Alan Coopersmith <alan.coopersmith () oracle ! com>
Date: 2022-01-25 22:27:02
Message-ID: 3fc65cdf-8155-cff7-015c-e4aa1ba37346 () oracle ! com
On 1/25/22 03:39, Zhang Yonglun wrote:
> Description:
>
> User can access /plugin api without authentication. This issue
> affected Apache ShenYu 2.4.0 and 2.4.1.

Thanks for informing oss-security of these issues, but good security
announcements have a little more detail, like what actions users or
distributors need to take (upgrade to a new version? what version?)
and information on where to find more details, like a bug id in your
bug tracker. If you look at the announcements from other Apache
projects, you'll see they often include those.

Some good examples:
https://www.openwall.com/lists/oss-security/2021/12/18/2
https://www.openwall.com/lists/oss-security/2022/01/05/4
https://www.openwall.com/lists/oss-security/2022/01/06/2

--
-Alan Coopersmith- alan.coopersmith@oracle.com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris