Shiro@2.0.0 Security Vulnerabilities and Issues — Shiro@2.0.0 CVE List

Lucene search

ApacheShiro2.0.0

3 matches found

CVE•added 2023/07/24 7:15 p.m.•2575 views

CVE-2023-34478

Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha-3...

9.8CVSS9.5AI score0.00041EPSS

CVE•added 2024/01/15 10:15 a.m.•66 views

CVE-2023-46749

Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure blockSemicolon is enabled (this is the default).

6.5CVSS6.5AI score0.00197EPSS

CVE•added 2023/12/14 9:15 a.m.•47 views

CVE-2023-46750

URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro.Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.

6.1CVSS6.6AI score0.00176EPSS