VYPR

Maven package

org.apache.shiro/shiro-spring

pkg:maven/org.apache.shiro/shiro-spring

Vulnerabilities (3)

  • CVE-2026-23903Feb 9, 2026
    affected < 2.1.0fixed 2.1.0

    Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensiti

  • CVE-2020-17523Feb 3, 2021
    affected < 1.7.1fixed 1.7.1

    Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.

  • CVE-2020-17510Nov 5, 2020
    affected < 1.7.0fixed 1.7.0

    Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.