URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability when “form” authentication is used in Apache Shiro.
Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.

CPE

Name | Operator | Version |
---|---|---|
shiro | eq | 2.0.0 alpha2 |
shiro | eq | 2.0.0 alpha1 |
shiro | eq | 2.0.0 alpha3 |
shiro | lt | 1.13.0 |