Vulnerabilities > Apache > Shiro > High

DATE CVE VULNERABILITY TITLE RISK
2023-01-14 CVE-2023-22602 When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques.
network
low complexity
apache vmware
7.5
2020-08-17 CVE-2020-13933 Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.
network
low complexity
apache debian
7.5
2019-11-18 CVE-2019-12422 Unspecified vulnerability in Apache Shiro
Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.
network
low complexity
apache
7.5
2016-09-20 CVE-2016-6802 Improper Access Control vulnerability in Apache Shiro 1.3.1
Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.
network
low complexity
apache CWE-284
7.5