Apache

Shiro

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
2.5

CVE-2026-23901

  • EPSS 0.01%
  • Veröffentlicht 10.02.2026 09:25:51
  • Zuletzt bearbeitet 12.02.2026 15:30:25

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1.*, 2.* before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-e...

5.3

CVE-2026-23903

  • EPSS 0.13%
  • Veröffentlicht 09.02.2026 09:26:21
  • Zuletzt bearbeitet 11.02.2026 18:30:59

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files ar...

6.5

CVE-2023-46749

  • EPSS 0.15%
  • Veröffentlicht 15.01.2024 10:15:26
  • Zuletzt bearbeitet 03.11.2025 22:16:29

Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `bloc...

6.1

CVE-2023-46750

  • EPSS 0.2%
  • Veröffentlicht 14.12.2023 09:15:42
  • Zuletzt bearbeitet 03.11.2025 22:16:29

URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.

9.8

CVE-2023-34478

  • EPSS 0.04%
  • Veröffentlicht 24.07.2023 19:15:10
  • Zuletzt bearbeitet 13.02.2025 17:16:38

Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigatio...

7.5

CVE-2023-22602

  • EPSS 0.16%
  • Veröffentlicht 14.01.2023 10:15:09
  • Zuletzt bearbeitet 21.11.2024 07:45:02

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. B...

9.8

CVE-2022-40664

  • EPSS 0.62%
  • Veröffentlicht 12.10.2022 07:15:09
  • Zuletzt bearbeitet 15.05.2025 15:16:02

Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.

9.8

CVE-2022-32532

  • EPSS 80.95%
  • Veröffentlicht 29.06.2022 00:15:10
  • Zuletzt bearbeitet 21.11.2024 07:06:34

Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.

9.8

CVE-2021-41303

  • EPSS 50.08%
  • Veröffentlicht 17.09.2021 09:15:09
  • Zuletzt bearbeitet 21.11.2024 06:26:00

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.

9.8

CVE-2020-17523

  • EPSS 88.77%
  • Veröffentlicht 03.02.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:08:17

Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.