Vulnerabilities > Apache > Shiro > 1.3.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-22 | CVE-2020-11989 | Unspecified vulnerability in Apache Shiro Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. | 9.8 |
| 2020-03-25 | CVE-2020-1957 | Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. | 9.8 |
| 2019-11-18 | CVE-2019-12422 | Unspecified vulnerability in Apache Shiro Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack. | 7.5 |
| 2016-09-20 | CVE-2016-6802 | Improper Access Control vulnerability in Apache Shiro 1.3.1 Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path. | 7.5 |