CVE-2021-45029
CRITICALApache ShenYu 2.4.0-2.4.1 - Remote Code Execution via Groovy and SpEL Injection
Title source: llmDescription
Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
References (3)
Core 3
Core References
Mailing List, Vendor Advisory x_refsource_misc
https://lists.apache.org/thread/3zzmwvg3012tg306x8o893fvdcssx639
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/01/25/8
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/01/26/1
Scores
CVSS v3
9.8
EPSS
0.1039
EPSS Percentile
93.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (3)
apache/shenyu
2.4.0
apache/shenyu
2.4.1
org.apache.shenyu/shenyu-common
2.4.0 - 2.4.2Maven
Published
Jan 25, 2022
Tracked Since
Feb 18, 2026