| Bug | buster | bullseye | bookworm | sid | Description |
|---|
| CVE-2023-22602 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, ... |
| CVE-2022-40664 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shi ... |
| CVE-2022-32532 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured ... |
| CVE-2021-41303 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a ... |
| CVE-2019-12422 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | Apache Shiro before 1.4.2, when using the default "remember me" config ... |
| Bug | Description |
|---|
| CVE-2020-17523 | Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a spec ... |
| CVE-2020-17510 | Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a spec ... |
| CVE-2020-13933 | Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafte ... |
| CVE-2020-11989 | Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic ... |
| CVE-2020-1957 | Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic ... |
| CVE-2016-6802 | Apache Shiro before 1.3.2 allows attackers to bypass intended servlet ... |
| CVE-2016-4437 | Apache Shiro before 1.2.5, when a cipher key has not been configured f ... |
| CVE-2014-0074 | Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthen ... |
| CVE-2010-3863 | Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize ... |