org.apache.shiro:shiro-jakarta-ee@3.0.0-alpha-1

  • latest version

    2.2.0

  • first published

    3 years ago

  • latest version published

    24 days ago

  • licenses detected

  • package registry

  • Direct Vulnerabilities

    Known vulnerabilities in the org.apache.shiro:shiro-jakarta-ee package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Open Redirect

    Affected versions of this package are vulnerable to Open Redirect in handling shiroSavedRequest cookies, which use unprotected/unencrypted values for SAVED_REQUEST_KEY. An authenticated user can cause the server to make blind HTTP GET requests to arbitrary URLs or redirect users to untrusted sites by forging this cookie.

    How to fix Open Redirect?

    Upgrade org.apache.shiro:shiro-jakarta-ee to version 2.2.0, 3.0.0-alpha-2 or higher.

    [,2.2.0) [3.0.0-alpha-0,3.0.0-alpha-2)
    • M
    Open Redirect

    Affected versions of this package are vulnerable to Open Redirect due to insufficient validation of the Referer header in saveRequestReferer(). An authenticated user can redirect users to arbitrary external sites by supplying a malicious Referer value during authentication.

    How to fix Open Redirect?

    Upgrade org.apache.shiro:shiro-jakarta-ee to version 2.2.1, 3.0.0-alpha-2 or higher.

    [,2.2.1) [3.0.0-alpha-1,3.0.0-alpha-2)