Homepage
About Snyk

org.apache.shiro:shiro-core@1.8.0 vulnerabilities

  • latest version

    2.0.0

  • latest non vulnerable version

    2.0.0

  • first published

    14 years ago

  • latest version published

    3 months ago

  • licenses detected

  • package manager

    View on Maven Repository
Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.apache.shiro:shiro-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Authentication Bypass

org.apache.shiro:shiro-core is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.

Affected versions of this package are vulnerable to Authentication Bypass when forwarding or including requests via the RequestDispatcher interface. Exploiting this vulnerability is possible due to improper filtering of the requests.

How to fix Authentication Bypass?

Upgrade org.apache.shiro:shiro-core to version 1.10.0 or higher.

[,1.10.0)
  • H
Authorization Bypass

org.apache.shiro:shiro-core is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.

Affected versions of this package are vulnerable to Authorization Bypass when RegExPatternMatcher in a servlet container is supplied with a regular expression containing ..

How to fix Authorization Bypass?

Upgrade org.apache.shiro:shiro-core to version 1.9.1 or higher.

[,1.9.1)
Go back to all versions of this package