461 matches found
The vulnerability of the Apache Shiro framework, related to defects in pathname restriction for restricted directories, allows attackers to bypass the authentication process.
The vulnerability of the Apache Shiro framework is related to shortcomings in the mechanism for restricting access to restricted directories. Exploiting this vulnerability allows a malicious actor to bypass authentication processes by sending specially crafted requests...
Path Traversal
Apache Shiro is vulnerable to Path Traversal Vulnerability. The vulnerability is due to improper validation and sanitization of respective path before processing. This issue can be exploited by an attacker to perform authentication bypass...
ca.ibodrov.concord:testcontainers-concord-core (>=2.0.0 <=2.0.2), ca.ibodrov.mica:mica-concord-server-plugin (>=0.0.2 <=0.0.21) +496 more potentially affected by CVE-2023-46749 via org.apache.shiro:shiro-core (>=1.0.0-incubating <=1.12.0)
org.apache.shiro:shiro-core MAVEN version =1.0.0-incubating, =2.0.0, =0.0.2, =5.1.0, =5.1.0, =5.1.0, =6.5.28, =6.5.28, =6.5.28, =6.5.28, =6.5.28, =2.2.0, =2.2.0, =2.2.0, =2.3.1 and more Source cves: CVE-2023-46749 Source advisory: OSV:GHSA-JC7H-C423-MPJC...
GHSA-JC7H-C423-MPJC Apache Shiro vulnerable to path traversal
Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure blockSemicolon is enabled this is the default...
CVE-2023-46749
Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure blockSemicolon is enabled this is the default...
Path traversal
Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure blockSemicolon is enabled this is the default...
CVE-2023-46749 Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting
Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure blockSemicolon is enabled this is the default...
CVE-2023-46749
Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure blockSemicolon is enabled this is the default...
CVE-2023-46749 Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting
Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure blockSemicolon is enabled this is the default...
CVE-2023-46749 Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting
Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure blockSemicolon is enabled this is the default...
CVE-2023-46749
CVE-2023-46749 affects Apache Shiro prior to 1.13.0 or 2.0.0-alpha-4, where path traversal used with path rewriting can lead to authentication bypass. This is triggered when combined with path rewriting, enabling attackers to bypass login checks. Mitigation options from multiple sources include u...
CVE-2023-46749
Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure blockSemicolon is enabled this is the default...
CVE-2023-46749
A flaw was found in Apache Shiro, which may allow a path traversal attack. When this issue is combined with the path rewriting feature, it can lead to an authentication bypass. Mitigation This flaw can be mitigated by making sure 'blockSemicolon' is enabled...
Apache Shiro Path Traversal Vulnerability
Apache Shiro is a set of Java security frameworks for performing authentication, authorization, encryption, and session management from the Apache Foundation in the United States. A path traversal vulnerability exists in Apache Shiro versions prior to 1.130, prior to 2.0.0-alpha-4, which stems fr...
PT-2024-1139 · Apache +2 · Apache Shiro +2
Name of the Vulnerable Software and Affected Versions: Apache Shiro versions 1.13.0 and earlier, or 2.0.0-alpha-4 and earlier Description: The issue is related to a path traversal attack that can result in an authentication bypass when used together with path rewriting. This can allow a remote...
Open Redirect
Apache Shiro is vulnerable to Open Redirect. The vulnerability is due to improper sanitization and validation on URL redirection when form authentication is used. This issue can be exploited by an attacker to redirect user to untrusted sites...
Apache Shiro Open Redirect Vulnerability
Apache Shiro is the United States Apache Apache Foundation set of Java security framework for performing authentication, authorization, encryption and session management . Apache Shiro suffers from an open redirect vulnerability that can be exploited by a remote attacker to submit a special uri...
cloud.opencode.base:opencode-base-token (=1.0.0), io.github.junxworks:junx-ep-auth (>=2.0.0 <=2.1.0) +11 more potentially affected by CVE-2023-46750 via org.apache.shiro:shiro-web (>=2.0.0-alpha-1 <=2.0.0-alpha-3)
org.apache.shiro:shiro-web MAVEN version =2.0.0-alpha-1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0-alpha-1, =2.0.0-alpha-1, =2.0.0-alpha-1, =2.0.0-alpha-1, =2.0.0-alpha-1, =2.0.0-alpha-1, =2.0.0-alpha-1, =2.0.0-alpha-3 Source cves: CVE-2023-46750 Source advisory: OSV:GHSA-HHW5-C326-822H...
Open redirect in Apache Shiro
URL Redirection to Untrusted Site 'Open Redirect' vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+...
GHSA-HHW5-C326-822H Open redirect in Apache Shiro
URL Redirection to Untrusted Site 'Open Redirect' vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+...