You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles
authentication, authorization, enterprise session management, single sign-on and cryptography services.
Path to dependency file: /server/impl/pom.xml
Path to vulnerable library: /server/impl/pom.xml,/server/dist/pom.xml
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles
authentication, authorization, enterprise session management, single sign-on and cryptography services.
Path to dependency file: /server/impl/pom.xml
Path to vulnerable library: /server/impl/pom.xml,/server/dist/pom.xml
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles
authentication, authorization, enterprise session management, single sign-on and cryptography services.
Path to dependency file: /server/impl/pom.xml
Path to vulnerable library: /server/impl/pom.xml,/server/dist/pom.xml
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles
authentication, authorization, enterprise session management, single sign-on and cryptography services.
Path to dependency file: /server/impl/pom.xml
Path to vulnerable library: /server/impl/pom.xml,/server/dist/pom.xml
Vulnerable Library - shiro-web-1.5.1.jar
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.
Path to dependency file: /server/impl/pom.xml
Path to vulnerable library: /server/impl/pom.xml,/server/dist/pom.xml
Found in HEAD commit: cfb756aae811651de93ac8a69c7191e48bb4960f
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2020-1957
Vulnerable Library - shiro-web-1.5.1.jar
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.
Path to dependency file: /server/impl/pom.xml
Path to vulnerable library: /server/impl/pom.xml,/server/dist/pom.xml
Dependency Hierarchy:
Found in HEAD commit: cfb756aae811651de93ac8a69c7191e48bb4960f
Found in base branch: master
Vulnerability Details
Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
Publish Date: 2020-03-25
URL: CVE-2020-1957
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://shiro.apache.org/news.html
Release Date: 2020-03-25
Fix Resolution: 1.5.2
In order to enable automatic remediation, please create workflow rules
CVE-2020-17510
Vulnerable Library - shiro-web-1.5.1.jar
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.
Path to dependency file: /server/impl/pom.xml
Path to vulnerable library: /server/impl/pom.xml,/server/dist/pom.xml
Dependency Hierarchy:
Found in HEAD commit: cfb756aae811651de93ac8a69c7191e48bb4960f
Found in base branch: master
Vulnerability Details
Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
Publish Date: 2020-11-05
URL: CVE-2020-17510
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://lists.apache.org/thread.html/rc2cff2538b683d480426393eecf1ce8dd80e052fbef49303b4f47171%40%3Cdev.shiro.apache.org%3E
Release Date: 2020-11-05
Fix Resolution: 1.7.0
In order to enable automatic remediation, please create workflow rules
CVE-2020-11989
Vulnerable Library - shiro-web-1.5.1.jar
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.
Path to dependency file: /server/impl/pom.xml
Path to vulnerable library: /server/impl/pom.xml,/server/dist/pom.xml
Dependency Hierarchy:
Found in HEAD commit: cfb756aae811651de93ac8a69c7191e48bb4960f
Found in base branch: master
Vulnerability Details
Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
Publish Date: 2020-06-22
URL: CVE-2020-11989
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://issues.apache.org/jira/browse/SHIRO-753
Release Date: 2020-06-22
Fix Resolution: 1.5.3
In order to enable automatic remediation, please create workflow rules
In order to enable automatic remediation for this issue, please create workflow rules
The text was updated successfully, but these errors were encountered: