Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdjajQtZ2o4bS1tMmY3

Critical EPSS: 0.01109% (0.77506 Percentile) EPSS:
Permalink JSON

Authentication bypass in Apache Shiro

Affected Packages Affected Versions Fixed Versions
maven:org.apache.shiro:shiro-spring < 1.7.0 1.7.0
335 Dependent packages
23,710 Dependent repositories

Affected Version Ranges

All affected versions

1.0.0-incubating, 1.1.0, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.4.0-RC2, 1.4.1, 1.4.2, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0

All unaffected versions

1.7.0, 1.7.1, 1.8.0, 1.9.0, 1.9.1, 1.10.0, 1.10.1, 1.11.0, 1.12.0, 1.13.0, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6

Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.

References:

Identifiers

GHSA-7cj4-gj8m-m2f7

CVE-2020-17510

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.01109

EPSS Percentile: 0.77506

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/apache/shiro

Date and time

Published

over 4 years ago

Updated

2 days ago

API

JSON