Maven package
org.apache.shiro/shiro-spring
pkg:maven/org.apache.shiro/shiro-spring
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-23903 | — | < 2.1.0 | 2.1.0 | Feb 9, 2026 | Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensiti | ||
| CVE-2020-17523 | — | < 1.7.1 | 1.7.1 | Feb 3, 2021 | Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. | ||
| CVE-2020-17510 | — | < 1.7.0 | 1.7.0 | Nov 5, 2020 | Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. |
- CVE-2026-23903Feb 9, 2026affected < 2.1.0fixed 2.1.0
Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensiti
- CVE-2020-17523Feb 3, 2021affected < 1.7.1fixed 1.7.1
Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
- CVE-2020-17510Nov 5, 2020affected < 1.7.0fixed 1.7.0
Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.