Information on source package shiro

Available versions

Bug	buster	bullseye	bookworm	trixie	sid	Description
CVE-2023-34478	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a ...
CVE-2023-22602	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, ...
CVE-2022-40664	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shi ...
CVE-2022-32532	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured ...
CVE-2021-41303	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a ...
CVE-2019-12422	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Apache Shiro before 1.4.2, when using the default "remember me" config ...

Bug	Description
CVE-2020-17523	Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a spec ...
CVE-2020-17510	Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a spec ...
CVE-2020-13933	Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafte ...
CVE-2020-11989	Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic ...
CVE-2020-1957	Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic ...
CVE-2016-6802	Apache Shiro before 1.3.2 allows attackers to bypass intended servlet ...
CVE-2016-4437	Apache Shiro before 1.2.5, when a cipher key has not been configured f ...
CVE-2014-0074	Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthen ...
CVE-2010-3863	Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize ...