Описание
Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| shiro | unfixed | package | ||
| shiro | no-dsa | trixie | package | |
| shiro | no-dsa | bookworm | package | |
| shiro | no-dsa | bullseye | package | |
| shiro | no-dsa | buster | package | |
| shiro | no-dsa | stretch | package |
Примечания
https://www.openwall.com/lists/oss-security/2021/09/17/1
EPSS
Связанные уязвимости
Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.
Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.
Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.
Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass
Уязвимость фреймворка Apache Shiro, связанная с недостатками механизма аутентификации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS