Filters

Versions

2.0.0-alpha1
3
2.0.0-alpha2
3
1.0.0
2
2.0.0-alpha3
2
1.1.0
1
1.2.0
1
1.2.1
1
1.2.2
1
1.2.4
1
1.3.1
1

Apache ShiroApache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting

medium
6.6
First published (updated )
CVE-2023-46749

Apache ShiroApache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro.

high
7.4
First published (updated )
CVE-2023-46750

Apache ShiroApache Shiro before 1.12.0, or 2.0.0-alpha-3, may be susceptible to a path traversal attack when used together with APIs or other web frameworks that route requests based on non-normalized requests.

critical
9.8
First published (updated )
CVE-2023-34478

Apache ShiroApache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request

high
7.5
First published (updated )
CVE-2023-22602

Apache ShiroAuthentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher

critical
9.8
First published (updated )
CVE-2022-40664

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Apache ShiroAuthentication Bypass Vulnerability

critical
9.8
First published (updated )
CVE-2022-32532

Oracle Financial Services Crime And Compliance Management StudioApache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass

critical
9.8
First published (updated )
CVE-2021-41303

Apache ShiroApache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may…

critical
9.8
First published (updated )
CVE-2020-17523

ubuntu/shiroApache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may…

critical
9.8
First published (updated )
CVE-2020-17510

ubuntu/shiroInput Validation

high
7.5
First published (updated )
CVE-2020-13933

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

redhat/shiroApache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially craf…

critical
9.8
First published (updated )
CVE-2020-11989

Apache ShiroApache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially craf…

critical
9.8
First published (updated )
CVE-2020-1957

redhat/shiroInput Validation

high
7.5
First published (updated )
CVE-2019-12422

Apache ShiroApache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by lev…

high
7.5
First published (updated )
CVE-2016-6802

Apache ShiroApache Shiro Code Execution Vulnerability

critical
9.8
Exploited
First published (updated )
CVE-2016-4437

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Apache ShiroApache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows r…

high
7.5
First published (updated )
CVE-2014-0074

Jsecurity JsecurityPath Traversal

medium
5
First published (updated )
CVE-2010-3863

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203