CyberSec.Space Logo
Back to CVE Browser

CVE-2021-41303

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1250%
EPSS Percentile29.97th
PublishedSep 17, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.

Affected Platforms (CPE)

πŸ“¦
Apache

Shiro

< 1.8.0
πŸ“¦
Oracle

Financial Services Crime And Compliance Management Studio

= 8.0.8.2.0
πŸ“¦
Oracle

Financial Services Crime And Compliance Management Studio

= 8.0.8.3.0

References & Advisories

πŸ”— https://lists.apache.org/thread.html/raae98bb934e4bde304465896ea02d9798e257e486d04a42221e2c41b%40%3Cuser.shiro.apache.org%3E
πŸ”— https://lists.apache.org/thread.html/re470be1ffea44bca28ccb0e67a4cf5d744e2d2b981d00fdbbf5abc13%40%3Cannounce.shiro.apache.org%3E
πŸ”— https://security.netapp.com/advisory/ntap-20220609-0001/
πŸ”— https://www.oracle.com/security-alerts/cpujul2022.html
πŸ”— https://lists.apache.org/thread.html/raae98bb934e4bde304465896ea02d9798e257e486d04a42221e2c41b%40%3Cuser.shiro.apache.org%3E
πŸ”— https://lists.apache.org/thread.html/re470be1ffea44bca28ccb0e67a4cf5d744e2d2b981d00fdbbf5abc13%40%3Cannounce.shiro.apache.org%3E
πŸ”— https://security.netapp.com/advisory/ntap-20220609-0001/
πŸ”— https://www.oracle.com/security-alerts/cpujul2022.html

Related Vulnerabilities

CVE-2020-175109.8

Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypas...

CVE-2020-19579.8

Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authe...

CVE-2020-119899.8

Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authe...

CVE-2020-175239.8

Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypas...