Critical severityNVD Advisory· Published Sep 17, 2021· Updated Aug 4, 2024
Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass
CVE-2021-41303
Description
Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.shiro:shiro-coreMaven | < 1.8.0 | 1.8.0 |
Affected products
8- osv-coords7 versionspkg:deb/ubuntu/shiro?arch=src?distro=esm-apps/bionicpkg:deb/ubuntu/shiro?arch=src?distro=esm-apps/xenialpkg:deb/ubuntu/shiro?arch=src?distro=focalpkg:deb/ubuntu/shiro?arch=src?distro=jammypkg:deb/ubuntu/shiro?arch=src?distro=noblepkg:deb/ubuntu/shiro?arch=src?distro=oracularpkg:maven/org.apache.shiro/shiro-core
>= 0+ 6 more
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: < 1.8.0
- Apache Software Foundation/Apache Shirov5Range: Apache Shiro
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-f6jp-j6w3-w9hmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-41303ghsaADVISORY
- lists.apache.org/thread.html/raae98bb934e4bde304465896ea02d9798e257e486d04a42221e2c41b%40%3Cuser.shiro.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/raae98bb934e4bde304465896ea02d9798e257e486d04a42221e2c41b@%3Cuser.shiro.apache.org%3EghsaWEB
- lists.apache.org/thread.html/re470be1ffea44bca28ccb0e67a4cf5d744e2d2b981d00fdbbf5abc13%40%3Cannounce.shiro.apache.org%3Eghsax_refsource_MISCWEB
- security.netapp.com/advisory/ntap-20220609-0001ghsaWEB
- security.netapp.com/advisory/ntap-20220609-0001/mitrex_refsource_CONFIRM
- www.oracle.com/security-alerts/cpujul2022.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.