cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-46749,https://securityvulnerability.io/vulnerability/CVE-2023-46749,"Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting","Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default).",Apache,Apache Shiro,6.5,MEDIUM,0.002219999907538295,false,,false,false,false,,,false,false,,2024-01-15T09:57:31.613Z,0
CVE-2023-46750,https://securityvulnerability.io/vulnerability/CVE-2023-46750,Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro.,"URL Redirection to Untrusted Site ('Open Redirect') vulnerability when ""form"" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.",Apache,Apache Shiro,6.1,MEDIUM,0.00267999991774559,false,,false,false,false,,,false,false,,2023-12-14T09:15:00.000Z,0
CVE-2023-34478,https://securityvulnerability.io/vulnerability/CVE-2023-34478,"Apache Shiro before 1.12.0, or 2.0.0-alpha-3, may be susceptible to a path traversal attack when used together with APIs or other web frameworks that route requests based on non-normalized requests.","Apache Shiro, a powerful and flexible open-source security framework, is susceptible to a path traversal vulnerability prior to versions 1.12.0 and 2.0.0-alpha-3. When integrated with APIs or web frameworks that handle non-normalized requests, this vulnerability could allow attackers to bypass authentication mechanisms. Users are highly encouraged to update to the latest versions to mitigate the risks associated with this vulnerability.",Apache,Apache Shiro,9.8,CRITICAL,0.00215999991632998,false,,false,false,false,,,false,false,,2023-07-24T19:15:00.000Z,0
CVE-2023-22602,https://securityvulnerability.io/vulnerability/CVE-2023-22602,"Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request","In specific configurations, an authentication bypass vulnerability exists when integrating Apache Shiro prior to version 1.11.0 with Spring Boot 2.6 or newer. This vulnerability arises from differing pattern-matching strategies, allowing an attacker to exploit the authentication process. The default settings in both frameworks utilize Ant-style pattern matching when versions are below those specified. Users are advised to upgrade to Apache Shiro 1.11.0 or adjust Spring Boot’s settings to ensure security by configuring the 'spring.mvc.pathmatch.matching-strategy' to 'ant_path_matcher'.",Apache,Apache Shiro,7.5,HIGH,0.0026000000070780516,false,,false,false,false,,,false,false,,2023-01-14T10:15:00.000Z,0
CVE-2022-40664,https://securityvulnerability.io/vulnerability/CVE-2022-40664,Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher,"Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.",Apache,Apache Shiro,9.8,CRITICAL,0.012690000236034393,false,,false,false,false,,,false,false,,2022-10-12T00:00:00.000Z,0
CVE-2022-32532,https://securityvulnerability.io/vulnerability/CVE-2022-32532,Authentication Bypass Vulnerability,"Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.",Apache,Apache Shiro,9.8,CRITICAL,0.04019000008702278,false,,false,false,true,2022-06-29T01:05:33.000Z,true,false,false,,2022-06-29T00:15:00.000Z,0
CVE-2021-41303,https://securityvulnerability.io/vulnerability/CVE-2021-41303,"Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass","Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.",Apache,Apache Shiro,9.8,CRITICAL,0.13921000063419342,false,,false,false,false,,,false,false,,2021-09-17T08:20:12.000Z,0
CVE-2020-17523,https://securityvulnerability.io/vulnerability/CVE-2020-17523,,"Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.",Apache,Apache Shiro,9.8,CRITICAL,0.3482300043106079,false,,false,false,true,2021-02-03T08:14:03.000Z,true,false,false,,2021-02-03T16:55:18.000Z,0
CVE-2020-17510,https://securityvulnerability.io/vulnerability/CVE-2020-17510,,"Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.",Apache,Apache Shiro,9.8,CRITICAL,0.047919999808073044,false,,false,false,false,,,false,false,,2020-11-05T20:17:36.000Z,0
CVE-2020-13933,https://securityvulnerability.io/vulnerability/CVE-2020-13933,,"Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.",Apache,Apache Shiro,7.5,HIGH,0.0026700000744313,false,,false,false,true,2021-10-19T09:33:46.000Z,true,false,false,,2020-08-17T20:19:53.000Z,0
CVE-2020-11989,https://securityvulnerability.io/vulnerability/CVE-2020-11989,,"Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.",Apache,Apache Shiro,9.8,CRITICAL,0.2508000135421753,false,,false,false,true,2020-10-18T08:34:47.000Z,true,false,false,,2020-06-22T18:06:37.000Z,0
CVE-2020-1957,https://securityvulnerability.io/vulnerability/CVE-2020-1957,,"Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.",Apache,Apache Shiro,9.8,CRITICAL,0.008379999548196793,false,,false,false,false,,,false,false,,2020-03-25T15:24:27.000Z,0