Package impact

java Maven / org.apache.shiro:shiro-core

| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2016-4437 | unknown | | 1.5 | 4y ago | Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been confi… | debian, java |
| CVE-2026-23901 | unknown | | | 4mo ago | Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1.*, 2.* before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the… | debian, java |
| CVE-2023-46749 | unknown | | | 2y ago | Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apac… | debian, java |
| CVE-2022-40664 | unknown | | | 4y ago | Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher. | debian, java |
| CVE-2022-32532 | unknown | | | 4y ago | Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly… | debian, java |
| CVE-2021-41303 | unknown | | | 5y ago | Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0. | debian, java |
| CVE-2020-13933 | unknown | | | 5y ago | Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass. | debian, java |
| CVE-2020-1957 | unknown | | | 5y ago | Improper Authentication in Apache Shiro | debian, java |
| CVE-2020-11989 | unknown | | | 5y ago | Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. | debian, java |
| CVE-2019-12422 | unknown | | | 6y ago | Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack. | debian, java |