Critical severityNVD Advisory· Published Oct 12, 2022· Updated May 15, 2025
Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher
CVE-2022-40664
Description
Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.shiro:shiro-coreMaven | < 1.10.0 | 1.10.0 |
Affected products
2- Apache Software Foundation/Apache Shirov5Range: Apache Shiro
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-45x9-q6vj-cqgqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-40664ghsaADVISORY
- www.openwall.com/lists/oss-security/2022/10/12/1ghsamailing-listWEB
- www.openwall.com/lists/oss-security/2022/10/12/2ghsamailing-listWEB
- www.openwall.com/lists/oss-security/2022/10/13/1ghsamailing-listWEB
- lists.apache.org/thread/loc2ktxng32xpy7lfwxto13k4lvnhjwgghsaWEB
- security.netapp.com/advisory/ntap-20221118-0005ghsaWEB
- shiro.apache.org/blog/2022/10/10/2022/apache-shiro-1101-released.htmlghsaWEB
- security.netapp.com/advisory/ntap-20221118-0005/mitre
News mentions
0No linked articles in our index yet.