Shiro@* Security Vulnerabilities and Issues — Shiro@* CVE List

Lucene search

ApacheShiro*

3 matches found

CVE•added 2023/07/24 7:15 p.m.•2575 views

CVE-2023-34478

Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha-3...

9.8CVSS9.5AI score0.00041EPSS

CVE•added 2023/01/14 10:15 a.m.•151 views

CVE-2023-22602

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot

7.5CVSS7.7AI score0.0014EPSS

CVE•added 2023/12/14 9:15 a.m.•47 views

CVE-2023-46750

URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro.Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.

6.1CVSS6.6AI score0.00176EPSS