Apache Shiro before 1.4.2, when using the default “remember me”
configuration, cookies could be susceptible to a padding attack.
launchpad.net/bugs/cve/CVE-2019-12422
lists.apache.org/thread.html/c9db14cfebfb8e74205884ed2bf2e2b30790ce24b7dde9191c82572c@%3Cdev.shiro.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2019-12422
security-tracker.debian.org/tracker/CVE-2019-12422
www.cve.org/CVERecord?id=CVE-2019-12422
www.openwall.com/lists/oss-security/2019/11/18/1