CVE-2020-17523

Severity CVSS v4.0:
Pending analysis
Type:
CWE-287 Authentication Issues
Publication date:
03/02/2021
Last modified:
17/06/2026

Description

Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:* 1.7.1 (excluding)


References to Advisories, Solutions, and Tools