{"schema_version": "1.6.1", "id": "CVE-2022-23223", "summary": "Apache ShenYu (incubating) Password leakage", "details": "The HTTP response will disclose the user password. \nWhen users send the request like the following URL \"dashboardUser?currentPage=1&pageSize=12\", the response will disclose all the passwords of the users.\nThis issue affects Apache ShenYu (incubating) 2.4.0 and 2.4.1.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "Apache ShenYu (incubating) "}, {"fixed": "2.4.2"}]}]}], "references": [{"type": "ADVISORY", "url": "https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s"}]}