High severityNVD Advisory· Published Nov 18, 2019· Updated Aug 4, 2024
CVE-2019-12422
CVE-2019-12422
Description
Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.shiro:shiro-coreMaven | < 1.4.2 | 1.4.2 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- github.com/advisories/GHSA-r679-m633-g7wcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-12422ghsaADVISORY
- lists.apache.org/thread.html/c9db14cfebfb8e74205884ed2bf2e2b30790ce24b7dde9191c82572c%40%3Cdev.shiro.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/c9db14cfebfb8e74205884ed2bf2e2b30790ce24b7dde9191c82572c@%3Cdev.shiro.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r2d2612c034ab21a3a19d2132d47d3e4aa70105008dd58af62b653040%40%3Ccommits.shiro.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r2d2612c034ab21a3a19d2132d47d3e4aa70105008dd58af62b653040@%3Ccommits.shiro.apache.org%3EghsaWEB
News mentions
0No linked articles in our index yet.