shiro vulnerabilities and exploits
6.5
CVSSv3
CVE-2023-46749
Apache Shiro prior to 1.13.0 or 2.0.0-alpha-4 may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this i...
Apache Shiro 2.0.0
Apache Shiro
7.5
CVSSv3
CVE-2024-0356
A vulnerability has been found in Mandelo ssm_shiro_blog 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file updateRoles of the component Backend. The manipulation leads to improper access controls. The exploit has been disclo...
Mandelo Ssm Shiro Blog 1.0
6.1
CVSSv3
CVE-2023-46750
URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.
Apache Shiro 2.0.0
Apache Shiro
9.8
CVSSv3
CVE-2023-34478
Apache Shiro, prior to 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.1...
Apache Shiro 2.0.0
Apache Shiro
7.5
CVSSv3
CVE-2023-22602
When using Apache Shiro prior to 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot <...
Apache Shiro
Vmware Spring Boot 2.6.0
9.8
CVSSv3
CVE-2021-38241
Deserialization issue discovered in Ruoyi prior to 4.6.1 allows remote malicious users to run arbitrary code via weak cipher in Shiro framework.
Ruoyi Ruoyi
9.8
CVSSv3
CVE-2022-40664
Apache Shiro prior to 1.10.0 has an authentication bypass vulnerability when forwarding or including via RequestDispatcher.
Apache Shiro
9.8
CVSSv3
CVE-2022-32532
In Apache Shiro prior to 1.9.1, a RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
Apache Shiro
3 Github repositories
9.8
CVSSv3
CVE-2020-19229
Jeesite 1.2.7 uses Apache Shiro version 1.2.3, which is affected by CVE-2016-4437. Because of the Java deserialization vulnerability in this version, an attacker could execute arbitrary commands via the rememberMe parameter.
Jeesite Jeesite 1.2.7
9.8
CVSSv3
CVE-2022-22928
MCMS v5.2.4 has a hardcoded shiro-key, allowing malicious users to exploit the key and execute arbitrary code.
Mingsoft Mcms 5.2.4