Lucene search
Veracode Vulnerability DatabaseVERACODE:41724HistoryJul 26, 2023 - 4:05 a.m.
Path Traversal
2023-07-2604:05:08
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
path traversal
invalidrequestfilter
url validation
authentication bypass
apis
web frameworks
EPSS
0.001
Percentile
35.6%
shiro-web is vulnerable to Path Traversal. The vulnerability exists because the InvalidRequestFilter.java does not properly validate the URLs, which allows an attacker to access files outside the expected directory, leading to an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests.
References
www.openwall.com/lists/oss-security/2023/07/24/4
github.com/advisories/GHSA-pmhc-2g4f-85cg
github.com/apache/shiro/commit/b67ff01cb1b94d23908ed7cfb6dfce4d16b54a02
github.com/apache/shiro/commit/c3ede3f94efb442acb0795714a022c2c121d1da0
lists.apache.org/thread/mbv26onkgw9o35rldh7vmq11wpv2t2qk
security.netapp.com/advisory/ntap-20230915-0005/
Related
ubuntucve
ubuntucve
CVE-2023-34478
2023-07-24 00:00:00
broadcom
broadcom
cvelist
cvelist
ibm
ibm
nvd
nvd
CVE-2023-34478
2023-07-24 19:15:10
github
github
Path Traversal in Apache Shiro
2023-07-24 21:30:39
cve
cve
CVE-2023-34478
2023-07-24 19:15:10
veracode
veracode
Path Traversal
2023-07-26 12:52:26
debiancve
debiancve
CVE-2023-34478
2023-07-24 19:15:10
osv
osv
Path Traversal in Apache Shiro
2023-07-24 21:30:39
CVE-2023-34478
2023-07-24 19:15:10
cnvd
cnvd
Apache Shiro Path Traversal Vulnerability
2023-07-30 00:00:00
prion
prion
Path traversal
2023-07-24 19:15:00