A flaw was found in Apache Shiro. When using Spring dynamic controllers, a specially crafted request may cause an authentication bypass. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.