Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2023-70281
HistoryJul 30, 2023 - 12:00 a.m.

Apache Shiro Path Traversal Vulnerability

2023-07-3000:00:00
China National Vulnerability Database
www.cnvd.org.cn
19
apache shiro
path traversal
security framework
java
vulnerability
file retrieval

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

35.6%

Apache Shiro is the United States Apache (Apache) Foundation set of Java security framework for performing authentication, authorization, encryption and session management . A path traversal vulnerability exists in versions of Apache Shiro prior to 1.12.0, which stems from the program’s failure to properly filter special elements in the path of a resource or file. An attacker could exploit this vulnerability to retrieve arbitrary files from the underlying file system via a specially crafted web request.

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

35.6%