Moderate severity · NVD Advisory · Published Dec 14, 2023 · Updated Nov 3, 2025
Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro.
CVE-2023-46750
Description
URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.shiro:shiro-web (Maven) | < 1.13.0 | 1.13.0 |
| org.apache.shiro:shiro-web (Maven) | >= 2.0.0-alpha-1, < 2.0.0-alpha-4 | 2.0.0-alpha-4 |
Affected products
- Apache Software Foundation/Apache Shiro (v5, Range: 0)
References
- github.com/advisories/GHSA-hhw5-c326-822h (ghsa, ADVISORY)
- lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9 (ghsa, vendor-advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2023-46750 (ghsa, ADVISORY)
- github.com/apache/shiro/commit/3b80f5c8e5a95ba31e92e4825ecc0ba3148b555a (ghsa, WEB)
- github.com/apache/shiro/commit/8400d08d5eac0bc4fae99d28c5adc82dd8a86eda (ghsa, WEB)
- security.netapp.com/advisory/ntap-20240808-0002 (ghsa, WEB)
- security.netapp.com/advisory/ntap-20241108-0002 (ghsa, WEB)