org.apache.shiro:shiro-spring-boot-starter@1.8.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.shiro:shiro-spring-boot-starter package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • Interpretation Conflict (severity: M)

Affected versions of this package are vulnerable to Interpretation Conflict via a specially crafted HTTP request. The root cause for this vulnerability is that Shiro and Spring Boot use different pattern-matching techniques. Exploiting this vulnerability might cause an authentication bypass.

NOTE: This vulnerability is relevant only when using Apache Shiro before 1.11.0 together with Spring Boot 2.6+.

How to fix Interpretation Conflict?

Upgrade org.apache.shiro:shiro-spring-boot-starter to version 1.11.0 or higher.

Vulnerable versions: [,1.11.0)