Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 15 results


CVE-2023-46749

Medium priority
Needs evaluation

Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+...

1 affected packages

shiro

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shiro Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-46750

Medium priority
Needs evaluation

URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.

1 affected packages

shiro

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shiro Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-34478

Medium priority
Needs evaluation

Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized...

1 affected packages

shiro

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shiro Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-22602

Medium priority
Needs evaluation

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using...

1 affected packages

shiro

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shiro Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-40664

Medium priority
Needs evaluation

Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.

1 affected packages

shiro

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shiro Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-32532

Medium priority
Needs evaluation

Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.

1 affected packages

shiro

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shiro Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-41303

Medium priority
Needs evaluation

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.

1 affected packages

shiro

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shiro Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2020-17523

Medium priority
Needs evaluation

Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.

1 affected packages

shiro

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shiro Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2020-17510

Medium priority

Some fixes available 4 of 9

Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.

1 affected packages

shiro

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shiro Fixed Fixed Fixed Ignored
Show less packages

CVE-2020-13933

Medium priority

Some fixes available 4 of 9

Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.

1 affected packages

shiro

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shiro Fixed Fixed Fixed Ignored
Show less packages