oss-sec mailing list archives
CVE-2021-41303: Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass
From: Brian Demers <bdemers () apache org>
Date: Thu, 16 Sep 2021 16:19:53 -0400
Description: Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0. Credit: Apache Shiro would like to thank tsug0d for reporting this issue.
Current thread:
- CVE-2021-41303: Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass Brian Demers (Sep 16)