11 matches found
be.fluid-it.guice.extensions:guice-multi-shiro-realms (=0.1-1), be.fluid-it.shiro.jee:shiro-jee-authc (>=0.1-1 <=0.1-3) +2748 more potentially affected by CVE-2020-11989 via org.apache.shiro:shiro-core (>=1.0.0-incubating <=1.5.2)
org.apache.shiro:shiro-core MAVEN version =1.0.0-incubating, =0.1-1, =4.0.0-RC2, =1.0.0, =1.0.0, =0.0.2, =0.0.21, =0.0.2, =0.0.1, =1.0.0, =0.1, =0.1, =0.1, =0.2 and more Source cves: CVE-2020-11989 Source advisory: OSV:GHSA-72W9-FCJ5-3FCG...
Ubuntu 18.04 LTS / 20.04 LTS : Apache Shiro vulnerabilities (USN-4740-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4740-1 advisory. It was discovered that Apache Shiro mishandled specially crafted requests. An attacker could use this vulnerability to bypass authentication...
Important: Red Hat Security Advisory: Red Hat Fuse 7.8.0 release and security update
A minor version update from 7.7 to 7.8 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
Debian: Security Advisory (DLA-2273-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2273-1 : shiro security update
It was discovered that there was two issues in shiro, a security framework for Java application : - CVE-2020-1957: Fix a path-traversal issue where a specially crafted request could cause an authentication bypass. - CVE-2020-11989: Fix an encoding issue introduced in the handling of the previous...
[SECURITY] [DLA 2273-1] shiro security update
Package : shiro Version : 1.3.2-1+deb9u1 CVE IDs : CVE-2020-1957 CVE-2020-11989 Debian Bug : 955018 It was discovered that there was two issues in shiro, a security framework for Java application: CVE-2020-1957: Fix a path-traversal issue where a specially-crafted request could cause an...
CVE-2020-11989
Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...
CVE-2020-11989
Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...
CVE-2020-11989
Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...
CVE-2020-11989
CVE-2020-11989 affects Apache Shiro prior to 1.5.3 when used with Spring dynamic controllers; a specially crafted request may bypass authentication. The vulnerability context is confirmed across multiple sources (NVD entry and Nessus/OpenVAS entries). Remediation can be upgrading to Apache Shiro ...
CVE-2020-11989
Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...