Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
References
Configurations
History
22 Feb 2022, 10:16
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 | |
References | (MLIST) https://lists.apache.org/thread.html/r852971e28f54cafa7d325bd7033115c67d613b112a2a1076817390ac@%3Cdev.shiro.apache.org%3E - Mailing List, Vendor Advisory |
Information
Published : 2021-02-03 17:15
Updated : 2024-02-04 21:23
NVD link : CVE-2020-17523
Mitre link : CVE-2020-17523
CVE.ORG link : CVE-2020-17523
JSON object : View
Products Affected
apache
- shiro
CWE
CWE-287
Improper Authentication