Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
CVSS Score
9.8
EPSS Score
0.201
Published
2022-06-29
Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.
CVSS Score
9.8
EPSS Score
0.756
Published
2021-09-17
Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
CVSS Score
9.8
EPSS Score
0.859
Published
2021-02-03
Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
CVSS Score
9.8
EPSS Score
0.091
Published
2020-11-05
Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.
CVSS Score
7.5
EPSS Score
0.48
Published
2020-08-17
Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
CVSS Score
9.8
EPSS Score
0.244
Published
2020-06-22
Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
CVSS Score
9.8
EPSS Score
0.262
Published
2020-03-25
Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.
CVSS Score
7.5
EPSS Score
0.091
Published
2019-11-18
Page 2