Org.apache.shiro:shiro-root
This hub aggregates every CVE we track for Org.apache.shiro:shiro-root, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
2
CVEs tracked
0
Critical
1
High
0
In CISA KEV
Severity distribution
HIGH1MEDIUM1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 2 most recently published vulnerabilities affecting Org.apache.shiro:shiro-root.
- CVE-2023-22602Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request7.5
- CVE-2010-3863Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restr...5.0
Product normalization is registry-driven with AI assist and human review. How it works