[MAVEN:GHSA-3JX9-MGWX-4Q83] Apache Shiro Path Traversal vulnerability
- Severity: Moderate
- Affected Packages: 1
- Fixed Packages: 1
- CVEs: 1
Apache Shiro before 1.1.0, and JSecurity 0.9.x, do not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
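The comparison flaw described above, as an added Java example (not Shiro's code and not its actual fix): a constructed, simplified prefix-rule table stands in for the `shiro.ini` URL entries, and the class and method names are hypothetical. It contrasts matching the raw request path with matching after canonicalization.

```java
import java.net.URI;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.LinkedHashMap;
import java.util.Map;

public class PathRuleDemo {
    // Constructed rules (hypothetical): path prefix -> filter, first match wins.
    // "" is the catch-all entry, standing in for a permissive default rule.
    static final Map<String, String> RULES = new LinkedHashMap<>();
    static {
        RULES.put("/account", "authc"); // login required
        RULES.put("", "anon");          // everything else is public
    }

    static String match(String path) {
        for (Map.Entry<String, String> rule : RULES.entrySet()) {
            String prefix = rule.getKey();
            if (path.equals(prefix) || path.startsWith(prefix + "/")) return rule.getValue();
        }
        return "deny";
    }

    // Percent-decode, then resolve "", "." and ".." segments. Returns null when the
    // path is malformed or climbs above the root, so the caller can reject it.
    static String canonicalize(String rawPath) {
        String decoded;
        try { decoded = URI.create(rawPath).getPath(); }
        catch (IllegalArgumentException e) { return null; }
        if (decoded == null) return null;
        Deque<String> kept = new ArrayDeque<>();
        for (String seg : decoded.split("/")) {
            if (seg.isEmpty() || seg.equals(".")) continue;
            if (!seg.equals("..")) kept.addLast(seg);
            else if (kept.pollLast() == null) return null;
        }
        return "/" + String.join("/", kept);
    }

    // Hardened decision: canonicalize first, compare second, reject what cannot be resolved.
    static String decide(String rawPath) {
        String canonical = canonicalize(rawPath);
        return canonical == null ? "deny" : match(canonical);
    }

    public static void main(String[] args) {
        // Constructed request paths; the second is the URI form named in the advisory.
        for (String p : new String[] {"/account/index.jsp", "/./account/index.jsp", "/public/../account/"}) {
            System.out.println(p + "  raw=" + match(p) + "  canonical=" + decide(p));
        }
    }
}
```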
Package | Affected Version |
---|---|
pkg:maven/org.apache.shiro/shiro-root | < 1.1.0 |
Package | Fixed Version |
---|---|
pkg:maven/org.apache.shiro/shiro-root | = 1.1.0 |
- ID: MAVEN:GHSA-3JX9-MGWX-4Q83
- Severity: moderate
- URL: https://github.com/advisories/GHSA-3jx9-mgwx-4q83
- Published: 2022-05-14T02:42:51 (2 years ago)
- Modified: 2024-02-07T22:57:27 (7 months ago)
- Rights: Maven Security Team
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.apache.shiro/shiro-root | org.apache.shiro | shiro-root | < 1.1.0 | | | |
Fixed | pkg:maven/org.apache.shiro/shiro-root | org.apache.shiro | shiro-root | = 1.1.0 | | | |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Publication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|