org.apache.shiro:shiro-core

Licenses: Apache-2.0

Direct Vulnerabilities

Known vulnerabilities in the org.apache.shiro:shiro-core package. This does not include vulnerabilities belonging to this package’s dependencies.

| Severity | Vulnerability | Vulnerable Version |
|---|---|---|
| H | LDAP Injection | [,2.2.1) |
| M | Session Fixation | [,2.2.0) [3.0.0-alpha-1,3.0.0-alpha-2) |
| M | Sensitive Cookie in HTTPS Session Without "Secure" Attribute | [,2.2.0) [3.0.0-alpha-0,3.0.0-alpha-2) |
| M | Authentication Bypass by Alternate Name | [,2.1.0) |
| L | Timing Attack | [,2.1.0) |
| H | Authentication Bypass | [,1.10.0) |
| H | Authorization Bypass | [,1.9.1) |
| H | Authentication Bypass | [,1.8.0) |
| H | Arbitrary Code Execution | [,1.2.5) |
| H | Authentication Bypass | [1,1.2.3) |

Package versions

46 versions in total

| Version | Published | C | H | M | L |
|---|---|---|---|---|---|
| 3.0.0-alpha-1 | 23 Feb, 2026 | 0 | 0 | 2 | 0 |
| 2.2.1 | 14 Jun, 2026 | 0 | 0 | 0 | 0 |
| 2.2.0 | 14 May, 2026 | 0 | 1 | 0 | 0 |
| 2.1.0 | 4 Feb, 2026 | 0 | 1 | 2 | 0 |
| 2.0.6 | 2 Nov, 2025 | 0 | 1 | 3 | 1 |
| 2.0.5 | 1 Jul, 2025 | 0 | 1 | 3 | 1 |
| 2.0.4 | 17 Apr, 2025 | 0 | 1 | 3 | 1 |
| 2.0.3 | 5 Apr, 2025 | 0 | 1 | 3 | 1 |
| 2.0.2 | 7 Nov, 2024 | 0 | 1 | 3 | 1 |
| 2.0.1 | 25 May, 2024 | 0 | 1 | 3 | 1 |