cvelist | Apache | CVELIST:CVE-2023-34478
Jul 24, 2023 - 6:24 p.m.

CVE-2023-34478 Apache Shiro before 1.12.0, or 2.0.0-alpha-3, may be susceptible to a path traversal attack when used together with APIs or other web frameworks that route requests based on non-normalized requests.

2023-07-24 18:24:45
CWE-22
apache
www.cve.org
vulnerability
apache shiro
path traversal
authentication bypass
mitigation

AI Score: 9.8 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 40.9%)

Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests.

Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha-3+

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Shiro",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "1.12.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "2.0.0-alpha-3",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
