'[oss-security] CVE-2021-41303: Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, '

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2021-41303: Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, 
From:       Brian Demers <bdemers () apache ! org>
Date:       2021-09-16 20:19:53
Message-ID: CAH9eYVrHUMa9_E7ZHb=shpMS18TF7MXkM_9mcpJbcCTG8b6z3Q () mail ! gmail ! com
[Download RAW message or body]

Description:

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a
specially crafted HTTP request may cause an authentication bypass.

Users should update to Apache Shiro 1.8.0.

Credit:

Apache Shiro would like to thank tsug0d for reporting this issue.

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic