Apache Shiro is a Java security framework from the US-based Apache Software Foundation that performs authentication, authorization, encryption and session management. A path traversal vulnerability exists in versions of Apache Shiro prior to 1.12.0, caused by the program’s failure to properly filter special elements in the path of a resource or file. An attacker could exploit this vulnerability to retrieve arbitrary files from the underlying file system via a specially crafted web request.
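To find deployments that still ship an affected release, the following added example (not part of the advisory or of Shiro itself) checks Maven-style jar file names against the 1.12.0 threshold stated above. The function names and the sample paths are constructed for illustration.

```python
import re

FIXED = (1, 12, 0)  # first fixed release named in the advisory above
# Maven-style jar name: shiro-<module>-<version>[-qualifier].jar
JAR_RE = re.compile(
    r"^(shiro-[a-z0-9-]+?)-(\d+(?:\.\d+){1,2})(?:[-.]([A-Za-z0-9.-]+))?\.jar$")
PRERELEASE_RE = re.compile(r"(?i)^(snapshot|rc\d*|alpha|beta|m\d+)")

def parse_shiro_jar(path):
    """Return (artifact, (major, minor, patch), qualifier) or None."""
    name = re.split(r"[\\/]", path)[-1]      # accept Unix and Windows paths
    m = JAR_RE.match(name)
    if not m:
        return None                          # not a Shiro artifact
    nums = tuple(int(p) for p in m.group(2).split("."))
    nums += (0,) * (3 - len(nums))           # "1.9" -> (1, 9, 0)
    return m.group(1), nums, m.group(3)

def is_affected(path):
    """True if the jar name is a Shiro release older than 1.12.0.

    Only the threshold stated in the advisory is applied; other release
    lines need to be checked against their own advisories.
    """
    parsed = parse_shiro_jar(path)
    if parsed is None:
        return False
    _, version, qualifier = parsed
    if version < FIXED:
        return True
    # 1.12.0-SNAPSHOT / -RC1 builds precede the fixed release
    return (version == FIXED and qualifier is not None
            and PRERELEASE_RE.match(qualifier) is not None)

def affected_jars(paths):
    """Return the sorted subset of paths that need upgrading."""
    return sorted(p for p in paths if is_affected(p))

# Constructed sample inventory, e.g. the output of listing WEB-INF/lib
SAMPLE_PATHS = [
    "WEB-INF/lib/shiro-core-1.11.0.jar",
    "WEB-INF/lib/shiro-web-1.12.0.jar",
    "lib/shiro-spring-1.9.jar",
    "lib/shiro-core-1.12.0-SNAPSHOT.jar",
    "lib/commons-lang3-3.12.0.jar",
]

if __name__ == "__main__":
    for jar in affected_jars(SAMPLE_PATHS):
        print("upgrade to 1.12.0 or later:", jar)
```

File names only identify unshaded jars; a Shiro copy repackaged inside a fat jar has to be found from the build's dependency report instead.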