Headline

GHSA-pmhc-2g4f-85cg: Path Traversal in Apache Shiro

Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests.

Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha-3+

1 year ago

ghsa

Open in Source

#web #apache #git #auth

Path Traversal in Apache Shiro

Moderate severity GitHub Reviewed Published Jul 24, 2023 to the GitHub Advisory Database • Updated Jul 25, 2023

Related news

1 year ago

ghsa: Latest News

GHSA-6jrf-rcjf-245r: changedetection.io path traversal using file URI scheme without supplying hostname

14 hours ago

ghsa

GHSA-7mr7-4f54-vcx5: HTTP Client uses incorrect token after refresh

14 hours ago

ghsa

GHSA-hfq9-hggm-c56q: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

14 hours ago

ghsa

GHSA-2w5v-x29g-jw7j: Hashicorp Nomad Incorrect Authorization vulnerability

14 hours ago

ghsa

GHSA-3m9x-2qfj-xvq4: PHPExcel XXE Vulnerability

18 hours ago

ghsa