Vulnerabilities > Apache > Shiro > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-14 | CVE-2023-22602 | Interpretation Conflict vulnerability in multiple products When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. | 7.5 |
| 2020-08-17 | CVE-2020-13933 | Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass. | 7.5 |
| 2019-11-18 | CVE-2019-12422 | Unspecified vulnerability in Apache Shiro Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack. | 7.5 |
| 2016-09-20 | CVE-2016-6802 | Improper Access Control vulnerability in Apache Shiro 1.3.1 Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path. | 7.5 |