{"schema_version": "1.6.1", "id": "CVE-2022-23945", "summary": "Apache ShenYu (incubating) missing authentication allows gateway registration", "details": "Missing  authentication on ShenYu Admin when a gateway registers. So, if ShenYu Admin is exposed to the internet, it will allow any user to register as the gateway.\nThis issue affects Apache ShenYu (incubating) 2.4.0 and 2.4.1.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "Apache ShenYu (incubating) "}, {"fixed": "2.4.2"}]}]}], "references": [{"type": "ADVISORY", "url": "https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s"}]}