Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0...

Authentication Bypass

Apache Shiro Web is vulnerable to authentication bypass. An unhandled HTTP request causes an authentication bypass while using it with Spring Boot...

CVE-2021-41303

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0...

DEBIAN-CVE-2021-41303

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0...

CVE-2021-41303

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0...

UBUNTU-CVE-2021-41303

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0...

Authentication flaw

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0...

CVE-2021-41303

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0...

CVE-2021-41303

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0...

CVE-2021-41303

Apache Shiro prior to 1.8.0 (when used with Spring Boot) is affected by an authentication bypass via specially crafted HTTP requests. The CVE-2021-41303 entry notes a high/critical impact (C:H/I:H/A:H in CVSS 3.1) and recommends upgrading to Apache Shiro 1.8.0 or later to remediate. Connected doc...

CVE-2021-41303 Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0...

Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.3.10 security update

An update is now available for Red Hat support for Spring Boot. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...

cn.fossc.polaris.framework:basic-framework-spring-boot-starter (>=3.0.9 <=3.0.33), cn.fossc.polaris.framework:polaris-framework-boot (>=3.0.1 <=3.0.33) +38 more potentially affected by CVE-2021-36162 via org.apache.dubbo:dubbo (>=3.0.0 <=3.0.15)

org.apache.dubbo:dubbo MAVEN version =3.0.0, =3.0.9, =3.0.1, =3.0.1, =3.0.1, =1.2.1, =1.2.2 - com.chinagoods.framework.thinkcloud:think-cloud-starter-business =3.1.7.RELEASE - com.chinagoods.framework.thinkcloud:think-cloud-starter-controller =3.1.7.RELEASE -...

CVE-2020-19704

A stored cross-site scripting XSS vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML...

CVE-2020-19704

A stored cross-site scripting XSS vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML...

CVE-2020-19704

The CVE-2020-19704 entry describes a stored cross-site scripting (XSS) vulnerability in spring-boot-admin, via ResourceController.java, with exploitation possible to run arbitrary web scripts/HTML. Documents confirm affected software is spring-boot-admin and the vulnerable component/file is Resou...

spring-boot-admin 跨站脚本漏洞

spring-boot-admin is an open source backend management system based on Spring boot Mybatis , with user management , menu management and role management 3 functions , permission control to the button level . spring-boot-admin There is a security vulnerability that can be exploited by attackers to...

SpringBootVulExploit

This repository is an offensive tool for exploiting Spring Boot vulnerabilities. It contains a collection of exploits and techniques for various Spring Boot versions, including: 1. Spring Boot 1.0 - 1.4: Exposes actuators by default without any parameters, making it vulnerable to RCE Remote Code...

br.com.damsete.arq:damsete-arq (>=0.0.9 <=0.0.12), br.com.damsete.arq:damsete-arq-audit (>=0.0.9 <=0.0.12) +481 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-core (>=5.2.0.RELEASE <=5.2.10.RELEASE)

org.springframework.security:spring-security-core MAVEN version =5.2.0.RELEASE, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =2.0.2, =2.0.2, =2.0.2, =2.0.2, =2.0.2, =2.0.3 - com.c4-soft.springaddons:spring-security-oauth2-addons =1.0.0 -...

JetLinks open source IoT platform suffers from weak password vulnerability

JetLinks open source Internet of Things platform based on Java8, Spring Boot 2.x, WebFlux, Netty, Vert.x, Reactor and other development , is an out-of-the-box , secondary development of enterprise-class Internet of Things infrastructure platform . JetLinks open source IoT platform has a weak...