Lucene search
ApacheCVELIST:CVE-2023-46749HistoryJan 15, 2024 - 9:57 a.m.
CVE-2023-46749 Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting
2024-01-1509:57:31
CWE-22
apache
raw.githubusercontent.com
1
apache shiro
path traversal attack
authentication bypass
cve-2023-46749
mitigation
update
blocksemicolon
Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting
Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure blockSemicolon is enabled (this is the default).
Related
ubuntucve
ubuntucve
CVE-2023-46749
2024-01-15 00:00:00
cve
cve
CVE-2023-46749
2024-01-15 10:15:26
prion
prion
Path traversal
2024-01-15 10:15:00
veracode
veracode
Path Traversal
2024-01-16 05:48:38
github
github
Apache Shiro vulnerable to path traversal
2024-01-15 12:30:19
osv
osv
Apache Shiro vulnerable to path traversal
2024-01-15 12:30:19
CVE-2023-46749
2024-01-15 10:15:26
debiancve
debiancve
CVE-2023-46749
2024-01-15 10:15:26
redhatcve
redhatcve
CVE-2023-46749
2024-01-12 21:30:54
redhat
redhat
(RHSA-2024:3354) Important: Red Hat Fuse 7.13.0 release and security update
2024-05-23 22:44:00