Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2020-1957

Source

                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
[CVE-2020-1957] Apache Shiro 1.5.2 released

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Brian Demers &lt;bdemers () apache org&gt;

Date: Mon, 23 Mar 2020 14:16:50 -0400

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
The Shiro team is pleased to announce the release of Apache Shiro version
1.5.2.

This security release contains 3 fixes since the 1.5.1 release and is
available for Download now [1].

    CVE-2020-1957:
    Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic
controllers,
    a specially crafted request may cause an authentication bypass.

Release binaries (.jars) are also available through Maven Central and
source bundles through Apache distribution mirrors.

For more information on Shiro, please read the documentation [2].

-The Apache Shiro Team

[1] http://shiro.apache.org/download.html
[2] http://shiro.apache.org/documentation.html

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

[CVE-2020-1957] Apache Shiro 1.5.2 released Brian Demers (Mar 23)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

[CVE-2020-1957] Apache Shiro 1.5.2 released

Vulmon Search

About

Products

Connect