Apache Shiro

stack.watch can notify you when security vulnerabilities are reported in Apache Shiro. You can add multiple products that you use with Shiro to create your own personal software stack watcher.

By the Year

In 2020 there have been 2 vulnerabilities in Apache Shiro, with an average score of 9.8 out of ten. Last year Shiro had 1 security vulnerability published. That is, 1 more vulnerability has already been reported in 2020 than last year. The average CVE base score of the vulnerabilities in 2020 is also greater, by 2.30.

Year | Vulnerabilities | Average Score
2020 | 2 | 9.80
2019 | 1 | 7.50
2018 | 0 | 0.00

It may take a day or so for new Shiro vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.

Latest Apache Shiro Security Vulnerabilities

Apache Shiro before 1.5.3

CVE-2020-11989 9.8 - Critical - June 22, 2020

In Apache Shiro before 1.5.3, when Shiro is used with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

Authentication

Apache Shiro before 1.5.2

CVE-2020-1957 9.8 - Critical - March 25, 2020

In Apache Shiro before 1.5.2, when Shiro is used with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

Authentication

Apache Shiro before 1.4.2

CVE-2019-12422 7.5 - High - November 18, 2019

In Apache Shiro before 1.4.2, when the default "remember me" configuration is used, cookies could be susceptible to a padding attack.

Improper Input Validation