Headline
GHSA-jc7h-c423-mpjc: Apache Shiro vulnerable to path traversal
Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting
Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure blockSemicolon is enabled (this is the default).
Apache Shiro vulnerable to path traversal
Moderate severity GitHub Reviewed Published Jan 15, 2024 to the GitHub Advisory Database • Updated Jan 16, 2024
Related news
Red Hat Security Advisory 2024-3354-03 - Red Hat Fuse 7.13.0 release is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Issues addressed include HTTP request smuggling, bypass, denial of service, deserialization, and traversal vulnerabilities.