Описание
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 1.3.2-2 |
| cosmic | not-affected | 1.3.2-2 |
| devel | not-affected | 1.3.2-2 |
| disco | not-affected | 1.3.2-2 |
| eoan | not-affected | 1.3.2-2 |
| esm-apps/bionic | not-affected | 1.3.2-2 |
| esm-apps/focal | not-affected | 1.3.2-2 |
| esm-apps/jammy | not-affected | 1.3.2-2 |
| esm-apps/noble | not-affected | 1.3.2-2 |
Показывать по
6.8 Medium
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
Apache Shiro before 1.2.5, when a cipher key has not been configured f ...
6.8 Medium
CVSS2
9.8 Critical
CVSS3